I want a few rules for
- excluding the following blocked - base64_ decode( popen proc_open eval create_function ReflectionFunction fopen file_put_contents preg_replace pcntl_open include( require( include_once require_once execute _SERVER DOCUMENT_ROOT system wget curl Mysql , in both the URL and header fields
- I want only basic chars in useragent header [a-z][A-Z][0-9] space : ; \. / , ( ) - I'd like both block and santize style function - so I can see what is better
- I also want a character limit on useragent to 100 characters - I'd like both a block and ability to truncate, so I can see what is better
I'm using libapache2-mod-security2 - so I need rule id's in the rules.
exclude insert and update from useragent as well