Only allow certain users to a specific URI

The rule below is a chained rule that only lets certain usernames through to a particular URI. In this instance the URI was /owa for Microsoft Exchange. It is a relatively simple way to restrict /owa to a set of named AD users with a custom WAF rule.

# Chained rule: deny any request whose (lowercased) URI contains "owa"
# unless the submitted username is exactly one of the allowed accounts.
# phase:2 is required so that ARGS can see POST body parameters; body
# inspection must be enabled (ModSecurity's SecRequestBodyAccess On, or
# the "inspect HTML POST content" setting mentioned below).
# The second link fires, and so the chain denies, when the username is
# NOT kevin, steve or paula. The negative lookahead is anchored at both
# ends so that a longer name that merely starts with an allowed name
# (for example kevin2) is not let through on a prefix match.
SecRule REQUEST_URI "owa" \
    "id:1005, \
    phase:2, \
    t:lowercase, \
    deny, \
    log, \
    msg:'Rule 1005', \
    chain"
    SecRule ARGS:username "@rx ^(?!(?:kevin|steve|paula)$)" \
        "t:lowercase,t:removeWhiteSpace"

You have to turn on "inspect HTML POST content" inside the advanced settings, otherwise the POST body is never inspected and this rule will not work.

To test I did the following through the CLI:

curl --data "username=nick" http://10.1.112.55/owa
- This failed

While:

curl --data "username=kevin" http://10.1.112.55/owa
- This worked
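As an added example (not part of the original post), the following Python script emulates the two links of the chain, including the t:lowercase and t:removeWhiteSpace transformations, so the allow-list can be checked offline before deploying it; it also contrasts an unanchored lookahead with the end-anchored form. The sample URIs and bodies are constructed for the demonstration.

```python
import re
from urllib.parse import parse_qs

# Unanchored lookahead: only inspects the start of the username, so any
# name that begins with an allowed name is treated as allowed.
PREFIX_ONLY = re.compile(r"^(?!kevin|steve|paula)")
# Anchored lookahead: the whole username must equal an allowed name.
EXACT = re.compile(r"^(?!(?:kevin|steve|paula)$)")


def t_lowercase(value: str) -> str:
    """ModSecurity t:lowercase."""
    return value.lower()


def t_remove_whitespace(value: str) -> str:
    """ModSecurity t:removeWhiteSpace."""
    return re.sub(r"\s+", "", value)


def rule_1005(uri: str, body: str, pattern: re.Pattern = EXACT) -> str:
    """Emulate the chained rule: 'deny' when both links match, else 'pass'.

    body is the urlencoded POST body; pattern is the second link's regex.
    """
    # Link 1: REQUEST_URI, t:lowercase, unanchored regex "owa".
    if not re.search("owa", t_lowercase(uri)):
        return "pass"
    # Link 2: ARGS:username with t:lowercase,t:removeWhiteSpace.
    usernames = parse_qs(body, keep_blank_values=True).get("username", [])
    for name in usernames:
        if pattern.search(t_remove_whitespace(t_lowercase(name))):
            return "deny"
    # No username argument at all means the second link cannot match, so
    # the chain does not fire and this rule lets the request through.
    return "pass"


if __name__ == "__main__":
    for uri, body in [("/owa", "username=nick"), ("/owa", "username=kevin"),
                      ("/OWA/auth", "username=Kevin%20"), ("/owa", "")]:
        print(f"{uri!r} {body!r} -> {rule_1005(uri, body)}")
```

Note that a request to /owa with no username parameter at all is passed by this rule, so it should be combined with the application's own authentication rather than relied on alone.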


1 comment


Ruby Williams

Thanks for sharing this information.
