Hi,
Trying to make ACL rules to match common script kiddie scans, which go through a variety of similar urls.
given urls like
/phpmyadmin/setup.php
/myadmin/scripts/setup.php
This works
acl restricted_pages path_sub -i myadmin
http-request deny if restricted_pages
This does not
acl restricted_pages path_sub,url_dec -i myadmin
http-request deny if restricted_pages
Is there anyway to use the two together?
Thanks
Hi,
When using the path_sub fetch method without the url_dec converter, the default pattern matching method associated with path_sub is used for ACL assertion. Therefore this worked:
acl restricted_pages path_sub -i myadmin http-request deny if restricted_pages
However, for url_dec converter there is no default matching method defined and hence, you need to use the -m flag to explicitly specify the pattern matching method that has to be used to assert the ACL True.
Your configuration should therefore look like:
acl restricted_pages path_sub,url_dec -m sub i myadmin http-request deny if restricted_pages
Thanks,
Shivharsh