Consider the following SecRule, which takes a feed from a lua script that is executed:
SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found'"
When SQLi is found in a request parameter, the tx.sqli variable is populated and the user is redirected to a specific webpage.
This process works well. However, I would like to redirect the user back to the
referrer address or simply refresh their page or send them back to the previous page they were on.
This may involve, for example, populating the redirect address with the referrer value. Is it possible for
ModSecurity to execute this?
You don’t necessarily know what the referring page is. And most likely there isn’t one at all! Such attacks generally come from automata, not humans.
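As an added example (not part of the original question or answer), one way to write this in ModSecurity 2.x is to redirect to the Referer only when it is present and points at your own site, and otherwise fall through to the question's static redirect. It assumes that your ModSecurity build expands macros in the `redirect` action; rule id 129794 is constructed for illustration, and `http://www.example.com/` stands in for the site's own origin.

```apache
# Added example: rule id 129794 and the allowlisted origin are assumptions.
# The Referer header is client-controlled, so it is only used as a redirect
# target when it starts with the site's own origin. Without this check the
# rule would turn the WAF into an open redirector.
SecRule &TX:SQLI "@eq 1" \
    "id:'129794',phase:2,t:none,chain,\
    redirect:%{REQUEST_HEADERS.Referer},\
    msg:'SQLi Injection Payload Found'"
    SecRule REQUEST_HEADERS:Referer "@beginsWith http://www.example.com/" "t:none"

# Fallback: the rule from the question, unchanged. It fires when the Referer
# is missing or points somewhere else, which is the common case for
# automated clients.
SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found'"
```

The chained rule must come first: `redirect` is a disruptive action, so whichever rule matches first ends processing of the request.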
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.