This specifies which places to check in a HTTP transaction. Examples of variables include:

  • ARGS – all arguments including the POST payload
  • REQUEST_METHOD – request method used in the transaction
  • REQUEST_HEADERS – can be used as either a collection of all of the request headers or can be used to inspect selected headers
  • And so on. The full list of variables is available here: ModSecurity Reference Manual