December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Recipe 5-1: Request Body Access
This recipe shows you how to configure ModSecurity to gain access to various types of request body content.
Ingredients
- Libxml2 module1
- ModSecurity
- SecRequestBodyAccess directive
- SecRequestBodyLimit directive
- SecRequestBodyNoFilesLimit directive
- SecRequestBodyInMemoryLimit directive
- SecRequestBodyLimitAction directive
- ctl:requestBodyProcessor action
- ctl:forceRequestBodyVariable action
Basic Directives
By default, ModSecurity does not access, process, or analyze request body content. This poses serious issues with regard to false negatives, because attackers can easily evade detection by sending their attacks in POST body parameters. To gain insight into request bodies, you must configure a few ModSecurity directives. Here is a sample listing:
# -- Request body handling ----------------------------------------- # Allow ModSecurity to access request bodies. If you don't, # ModSecurity won't be able to see any POST parameters, which opens # a large security hole for attackers to exploit. # SecRequestBodyAccess On # Maximum request body size we will accept for buffering. If you # support file uploads then the value given on the first line has to # be as large as the largest file you are willing to accept. The # second value refers to the size of data, with files excluded. You # want to keep that value as low as practical. # SecRequestBodyLimit 13107200 SecRequestBodyNoFilesLimit 131072 # Store up to 128 KB of request body data in memory. When ...Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.