Closed C0nw0nk closed 7 years ago
Hello,
not sure to exactly get what you are trying to achieve, but regarding this :
MainRule negative "rx:\.(html|php)" "msg:Block access to any URL format other than those whitelisted" "mz:URL" "s:$UWA:8" id:1600;
if you don't want this to allow .php5 or .htmlsomething, you can just change it like this :
MainRule negative "rx:\.(html|php)$" "msg:Block access to any URL format other than those whitelisted" "mz:URL" "s:$UWA:8" id:1600;
Yea but if I do that it blocks URL's in this format working
/url/
/url.html?stuff&morestuff=etc
/url.php?stuff&morestuff=extrastuff&stuffing
In a nutshell I just want to prevent URL probing of links / formats that are invalid or don't exist.
It shouldn't match /url.html?stuff&morestuff=etc
or /url.php?stuff&morestuff=extrastuff&stuffing
but it won't block probing :/
In the regex $ is for the end so anything that comes after that should be blocked right ?
MainRule negative "rx:\.(html|php)$" "msg:Block access to any URL format other than those whitelisted" "mz:URL" "s:$UWA:8" id:1600;
So a URL that ends with query strings or arguments will be accepted or blocked ?, To me it looks like those URL's with arguments will be blocked since there is noting in the regex to accept those formats.
And then ofcourse URL's that are search engine friendly
/url/
/url
/url#div-id-number
/url&stuff=stuffed&stuffing=stuffs
URL is different from GET args. URL stops before "?"
I see now that makes sense. In that case the only problem that could remain is URL's that have no format being search engine friendly how do I include these types into that regex.
/url/url
/url/url/
/url/
/url
/
"rx:^/[a-z/]+/$" should work :) starts with a slash, ends with a slash, is composed of a-z
Thanks :D wouldn't that be a separate rule how do I combine both of them into a single rule ? <3
MainRule negative "rx:\.(html|php)$" "msg:Block access to any URL format other than those whitelisted" "mz:URL" "s:$UWA:8" id:1600;
MainRule negative "rx:^/[a-zA-Z0-9/]+/$" "msg:Block access to any URL format other than those whitelisted" "mz:URL" "s:$UWA:8" id:1600;
I am still learning but this place helps allot. http://spike.nginx-goodies.com/rules/
For this kind of things, I think it's better to keep separate rules :) You could do it in one rule, but it's more regex related.
So here is a rule I would like to try and make possible it is just a bit complex to get down on my own.
Example URL formats to be whitelisted while denying all the others
I guess if it is not a php, html or a / link to disallow it. (No reason why people should be trying to access url formats and directories that are not accepted / don't exist.)
The reason the URL's are like this is because some are SEF (search engine friendly) URL's while others are not.
What I came up with so far.
Unfortunately this rule won't be to friendly since ".php5" ".htmlanything" etc will be accepted even though they don't exist and should be blocked, I also believe this won't like url's that don't contain the .php or .html format so a non existent file type like the following example.
Those will be blocked when I want them allowed.
Any help / advice is much appreciated <3 :) It might be impossible.