A number of operators can be used in rules, as documented below.
Executes the external script/binary given as parameter to the operator against every file extracted from the request.
SecRule FILES_TMPNAMES "@inspectFile /opt/apache/bin/inspect_script.pl"
Look up the parameter in the RBL given as parameter. Parameter can be an IPv4 address, or a hostname.
SecRule REMOTE_ADDR "@rbl sc.surbl.org"
Regular expression operator. Regular expressions are handled by the PCRE library (http://www.pcre.org). ModSecurity compiles its regular expressions with the following settings:
The entire input is treated as a single line, even when there are newline characters present.
All matches are case-sensitive. If you do not care about case
sensitivity you either need to implement the
lowercase
transformational function, or use the
per-pattern (?s)
modificator, as allowed by
PCRE.
The PCRE_DOTALL
flag is set during
compilation, meaning a single dot will match any character,
including the newlines.
Validates the byte range used in the variable falls into the specified range:
SecRule ARG:text "@validateByteRange 10, 13, 32-126"
SecRule XML "@validateDTD /path/to/file.dtd"
This operator requires request body to be processed as XML.
SecRule XML "@validateSchema /path/to/file.xsd"
This operator requires request body to be processed as XML.