A GET request to /public/post would fail as TX.match would not be set or unset on the failing chained rule (I have no setup to play around with this combination at the moment to produce a debug log)
With nginx 1.23.2 and libmodsecurity v3.2.0 requests with REQUEST_FILENAME not matching a valid URL will be rejected but testing the HTTP method is not working anymore.
Hi,
The following rules worked fine with apache/modsecurity 2.9.x to reject requests if they don't match the specified combination of HTTP method and URI
A GET request to /public/post would fail as TX.match would not be set or unset on the failing chained rule (I have no setup to play around with this combination at the moment to produce a debug log) With nginx 1.23.2 and libmodsecurity v3.2.0 requests with REQUEST_FILENAME not matching a valid URL will be rejected but testing the HTTP method is not working anymore.
at (***) TX.match is not reset to '0' and the test at (!!!) fails and therefore the request is (erroneously) accepted.
Am I missing something on how to migrate rules from 2.x to 3.x or can I provide other details for clarification?
Thanks