Page rules with matching only parts of URL

Hi, i have this rule

mydomain.com/Liefer-und-Versandkosten:’;print(md5(acunetix_wvs_security_test));%24a%3D’:1.html

the beginning and the end are specific, this
mydomain.com/Liefer-und-Versandkosten
and this
:1.html

This part:
acunetix_wvs_security_test
is an attack.

How can i build a page rule for every page on my website, just looking for “acunetix_wvs_security_test” in URL ?

regards karsten

What exactly do you want to accomplish? Shouldnt that be a firewall rule instead of a page rule?

The idea was "if URL contains acunetix_wvs_security_test, set Security Level to “I’m unter Attack”.

So as firewall rule, would it be like this ?
URL Query String contains acunetix_wvs_security_test

Query string? What you posted earlier was part of the path.

If you just want to switch to “Under Attack” I’d use a firewall rule and impose a JavaScript challenge for these requests.

The idea was this:
the attacker sends 100 attacking paths. I don’t know 80 of them, but 20.
So if he hits one of my “known paths”, it’s not only this path blocked, but the complete website switching to “i’m under attack”. So that further, unknown attacking paths are at least challenged by JavaScript.

So how should this look like?

A page rule would not switch the entire domain, only that path.

Can you post an excerpt of these URLs?

mydomain.com/Liefer-und-Versandkosten:’;print(md5(acunetix_wvs_security_test));%24a%3D’:1.html

/Kontakt:%22;print(md5(acunetix_wvs_security_test));%24a%3d%22:7.html

/index.php?action=acu6802%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca6802&cPath=14_21&page=3/UA0uNayI’));select%20pg_sleep(64.874);%20–%20:_:11.html

/Liefer-und-Versandkosten:’;print(md5(acunetix_wvs_security_test));%24a%3d’:1.html

https://www.mydomain.com:443/[email protected]

/?MODsid=…/…/…/…/…/…/…/…/…/…/boot.ini

/?MODsid=(select%20convert(int%2cCHAR(65)))

/?../…/…/…/…/…/…/…/…/… /etc/passwd/ ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././

What i would like to know is how to place placeholders, something like

  • /md5(acunetix_wvs_security_test)/ *
    or
    %md5(acunetix_wvs_security_test)%

Something like that might work

However I’d still use a firwall rule instead.

What user agent do these requests send?

no idea :frowning: didn’t look when last attack happened.

What should i choose?

URl Path contains ?

Sounds about right.

okay i deployed it as firewall rule now, we’ll see :grinning:

thanks

You should remove the slash and the asterisks in the first expression.

This topic was automatically closed after 30 days. New replies are no longer allowed.