1

Apache2 mod_security simple default deny rules for specific directory

view story
linux-howto

http://serverfault.com – How to configure the simplest useful default-deny rule set for mod_security? I want to configure mod_security to allow only very specific queries to single directory: In short: I use Apache as a reverse proxy for directory /web_app/, in this directory will be a single php file named get.php. I want to pass to this script only queries that match the following regular expression: get\.php\?ver=1&id=[a-f\d]{16,16}&v=[-.a-z\d\ ]{1,20} In other words, queries with three fields only: id, ver and v. Where first is a digit 1, the second a 16 digit hexadecimal and the third is a string at most 2 (HowTos)