How to check if request header 'Accept-Encoding' contains gzip in modsecurity

[Stevo Novkovski]

I need to block all request to specific file/uri where request does not accept gzip encoding.
Tried so many combinations, cant make it works. Also tried to copy same schema as Comodo Litespeed rules.

So far, here is my latest rule.


SecRule REQUEST_BASENAME "@streq style.css" chain,log,deny,id:88881001,status:403,msg:'response is not gzipped'
SecRule REQUEST_HEADERS:Accept-Encoding "!@contains gzip" t:none,phase:1

But i can still open the uri even i pass 'Accept-Encoding:blah'. If i remove the second rule, first works fine.

Any suggestion?

 

[mistwang]

Maybe you should put the "phase:1" to the first rule as well.

 

[Stevo Novkovski]

I tried that and much more. Nothing works.

I also mention that if i remove the second rule, first is working. I got problem in accessing/manipulation with header values. Nothing works.
Tried many operations like:

• streq
• eq
• contains

Can u produce this error on your local pc?
Just put the rule and try GET some style.css file without gzip in accept encoding header.