LiteSpeed Technologies
  #1  
Old 08-28-2008, 08:34 AM
aww
Senior Member
 
Join Date: May 2007
Posts: 237
Question can't figure out request filter

I've been trying to create a server-wide rule to filter out that stupid SQL attack that's been going around and clogging up all the logs. The few built-in rules are not blocking it.

The attack is something like this:
Quote:
?;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(blah blah blah
So I have this as the action:
log,deny,status:403,msg:'DECLARE attack'

and I tried all these as the rule, none work:

SecFilterSelective QUERY_STRING "^.*DECLARE.+CHAR.+SET.+CAST.+$"

SecFilterSelective ARGS "^.*DECLARE.+CHAR.+SET.+CAST.+$"

SecFilterSelective ARGS_VALUES "^.*DECLARE.+CHAR.+SET.+CAST.+$"

SecFilterSelective THE_REQUEST "^.*DECLARE.+CHAR.+SET.+CAST.+$"

I also tried it without the ^.* and .+$ anchors.

Thanks for any ideas.
  #2  
Old 09-01-2008, 07:51 PM
mistwang
LiteSpeed Staff
 
Join Date: May 2003
Location: New Jersey
Posts: 7,583
You can turn on the request filter log to debug those rules.
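An offline check that separates regex problems from filter configuration problems, added here as an example and not part of the thread: it runs the posted pattern against the raw and the percent-decoded query string of a few request lines. Python's `re` stands in for the server's regex engine (an assumption), and the `TIGHT` pattern, the paths `/page.asp` and `/search.php`, and all sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Pattern from the post, without the ^.* and .+$ wrappers.
POSTED = re.compile(r"DECLARE.+CHAR.+SET.+CAST", re.IGNORECASE)
# Hypothetical tighter pattern (not from the thread): requires the SQL
# statement shape of the quoted sample, so it needs decoded whitespace.
TIGHT = re.compile(
    r";\s*DECLARE\s+@\w+\s+VARCHAR\s*\(\d+\)\s*;\s*SET\s+@\w+\s*=\s*CAST\s*\(",
    re.IGNORECASE,
)

def query_string(request_line):
    """Return the raw query string of an HTTP request line, or ''."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return ""
    return parts[1].partition("?")[2]

def classify(request_line):
    """Match both patterns against the raw and the percent-decoded query."""
    raw = query_string(request_line)
    decoded = unquote_plus(raw)
    return {
        "posted_raw": bool(POSTED.search(raw)),
        "posted_decoded": bool(POSTED.search(decoded)),
        "tight_raw": bool(TIGHT.search(raw)),
        "tight_decoded": bool(TIGHT.search(decoded)),
    }

# Constructed request lines; the payload is cut off as in the quoted sample.
SAMPLES = [
    "GET /page.asp?;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(blah HTTP/1.1",
    "GET /page.asp?;declare%20@s%20varchar(4000);set%20@s=cast(blah HTTP/1.1",
    "GET /search.php?q=declare+character+set+forecast HTTP/1.1",  # benign
    "GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), line)
```

In this check the posted pattern matches the sample in raw form and also flags the benign search query, while the tighter pattern fires only on the decoded string.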
All times are GMT -7.


