ModSecurity Series, Part 3: Rules 2 - Operators

Source: Internet  Editor: 程序博客网  Date: 2024/06/05 08:03
Operators
In the examples so far the assumption was that we are always going to use regular pattern matching against input. While regular expressions are very useful, there are often times when you want to do something else. That is when operators come into play. The truth is that ModSecurity always uses an operator, but it assumes that you want regular pattern matching unless you specify an operator in a rule. So, to start with, here’s a rule that explicitly specifies an operator: the regular pattern matching one!
SecRule ARGS:username "@rx ^(admin|root)$"
The above rule checks whether the requested username is admin or root. You may have
noticed a few things:
• Operators begin with a @ character.
• Operators are always placed at the beginning of the second SecRule token.
• There’s always a space after an operator. Whatever follows the space is the single operator parameter. In the case of the @rx operator, the parameter is a regular expression.
• When you have a rule with an explicit operator you’ll need to use double quotes around the token, because there’s always going to be a space character.

String matching operators
String matching operators all take a string on input and attempt to match it to the provided
parameter. The @rx and @pm operators are the ones commonly used, because of their versatility
(@rx) and speed (@pm), but the remaining operators are also useful, especially if you
need variable expansion, which neither @rx nor @pm support.

The commonly used operators are as follows:

@beginsWith Begins with
@contains Contains
@endsWith Ends with
@rx Regular pattern match
@pm Parallel matching
@pmFromFile (@pmf in v2.6) Parallel matching, with arguments from a file
@streq String equal to
@within Within


Numerical operators
Numerical operators, in Table 5.10, “Numerical operators”, make comparing numerical values
easy (previously you had to resort to using complex regular expressions).

Operator Description
@eq Equal
@ge Greater or equal
@gt Greater than
@le Less or equal
@lt Less than


Validation operators
Validation operators, in Table 5.11, “Validation operators”, all validate input in some way.

Operator Description
@validateByteRange Validates that parameter consists only of allowed byte values
@validateDTD Validates XML payload against a DTD
@validateSchema Validates XML payload against a Schema
@validateUrlEncoding Validates a URL-encoded string
@validateUtf8Encoding Validates a UTF-8 encoded string


Miscellaneous operators
And, finally, there’s the miscellaneous category (Table 5.12, “Miscellaneous operators”), which offers some very useful functionality.

Operator Description
@geoLookup Determines the physical location of an IP address
@inspectFile Invokes an external script to inspect a file
@rbl Looks up the parameter in an RBL (real-time block list)
@verifyCC Checks if the parameter is a valid credit card number
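
The following configuration is an added example, not part of the original page or the book it quotes. It shows one rule per operator category described above. The rule ids, messages, the tx.allowed_methods variable and the chosen actions (phase, deny, status) are assumptions made for illustration.

```apache
# Added example; rule ids 100000-100005 and tx.allowed_methods are constructed.
SecRuleEngine On

# Holds the haystack for the @within rule below.
SecAction "id:100000,phase:1,pass,nolog,setvar:'tx.allowed_methods=GET HEAD POST'"

# @rx written out explicitly (the rule from the text, with actions added).
SecRule ARGS:username "@rx ^(admin|root)$" \
    "id:100001,phase:2,deny,status:403,log,msg:'Privileged username requested'"

# @pm: space-separated phrases, matched in parallel and case-insensitively.
SecRule REQUEST_HEADERS:User-Agent "@pm WebZIP WebCopier WebStripper" \
    "id:100002,phase:1,deny,status:403,log,msg:'Blocked client'"

# @within with variable expansion: the input (needle) must occur inside the
# expanded parameter (haystack). The leading ! negates the operator. The
# comparison is a substring search, not a list lookup.
SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \
    "id:100003,phase:1,deny,status:405,log,msg:'Method not allowed'"

# Numerical operator: & turns the collection into a count of its members.
SecRule &ARGS "@gt 50" \
    "id:100004,phase:2,deny,status:400,log,msg:'Too many parameters'"

# Validation operators match when validation FAILS, so no ! is needed.
SecRule ARGS "@validateByteRange 32-126" \
    "id:100005,phase:2,deny,status:400,log,msg:'Byte outside printable ASCII'"
```

Because the validation operators report a match on invalid input, negating them with ! would block every well-formed request.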



