ACL not matching if using url_dec


#1

Hi,

Trying to make ACL rules to match common script kiddie scans, which go through a variety of similar URLs.
Given URLs like
/phpmyadmin/setup.php
/myadmin/scripts/setup.php

This works

    acl restricted_pages path_sub -i myadmin
    http-request deny if restricted_pages

This does not

    acl restricted_pages path_sub,url_dec -i myadmin
    http-request deny if restricted_pages

Is there any way to use the two together?

Thanks


#2

Hi,

When using the path_sub fetch method without the url_dec converter, the default pattern matching method associated with path_sub is used for ACL assertion. Therefore this worked:

    acl restricted_pages path_sub -i myadmin
    http-request deny if restricted_pages

However, for the url_dec converter there is no default matching method defined, and hence you need to use the -m flag to explicitly specify the pattern matching method that has to be used to assert the ACL True.

Your configuration should therefore look like:

    acl restricted_pages path_sub,url_dec -m sub -i myadmin
    http-request deny if restricted_pages

Thanks,
Shivharsh
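
What the decoded rule adds over the plain one, as an added example that is not part of the thread or HAProxy's own code: a Python model of the path fetch, the `url_dec` converter and a case-insensitive `-m sub` match, run over constructed request targets. `urllib.parse.unquote` stands in for `url_dec` as an approximation, and the function names are hypothetical.

```python
from urllib.parse import unquote

PATTERN = "myadmin"  # pattern used by the ACL in the thread

# Constructed sample request targets (not taken from real logs).
SAMPLE_TARGETS = [
    "/phpmyadmin/setup.php",
    "/myadmin/scripts/setup.php",
    "/phpMyAdmin/setup.php",
    "/php%6Dyadmin/setup.php",         # one letter percent-encoded
    "/%6d%79admin/scripts/setup.php",  # two letters percent-encoded
    "/index.html?ref=myadmin",         # pattern only in the query string
    "/static/site.css",
]


def path_of(target):
    """Model of the path fetch: the part of the target before the first '?'."""
    return target.split("?", 1)[0]


def acl_matches(target, pattern=PATTERN, decode=False):
    """Model of a case-insensitive substring match on the path.

    decode=False models the rule without url_dec, decode=True the rule with it.
    Assumption: unquote() approximates url_dec (one decoding pass, '+' kept).
    """
    path = path_of(target)
    if decode:
        path = unquote(path)
    return pattern.lower() in path.lower()


def coverage(targets=SAMPLE_TARGETS):
    """Return (denied without decoding, denied with decoding, gained by decoding)."""
    raw = [t for t in targets if acl_matches(t)]
    decoded = [t for t in targets if acl_matches(t, decode=True)]
    gained = [t for t in decoded if t not in raw]
    return raw, decoded, gained


if __name__ == "__main__":
    raw, decoded, gained = coverage()
    print("denied without url_dec:", raw)
    print("denied with url_dec:   ", decoded)
    print("caught only by decoding:", gained)
```

Running the same list of targets against a test frontend (for example with curl) is a quick way to confirm the real ACL behaves like the model before relying on it.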