Knowledgebase
Portal Home > Knowledgebase > Articles Database > modsecurity rule for reject file upload
modsecurity rule for reject file upload
Posted by myserve, 01-12-2016, 02:44 PM Hello, we need a modsecurity rule that block upload any files from our webserver (we use apache or nginx) then have a ignore list and when we specify /home/user/user allow upload there, thanks,
Posted by FINESEC, 01-14-2016, 12:36 PM You can write your own script to decide whether to allow or deny upload, e.g. SecRule FILES_TMPNAMES "@inspectFile /usr/local/scan.sh" phase:2,t:none,log,block https://github.com/SpiderLabs/ModSec...al#inspectFile Also set SecUploadKeepFiles to RelevantOnly.
Add to Favourites Print this Article
Also Read