Yes. They are different features. Only ruleRemoveTargetByTag and ruleRemoveTargetByMsg supports regex for tag and msg research. Not in target field.



On Thu, Feb 14, 2013 at 2:57 PM, <> wrote:

In order to upg to 2.7.2 from 2.6.x, I'm attempting to replace my
local "ctl:ruleUpdateTargetById" rules with "ctl:ruleRemoveTargetById" rules.

The old "ctl:ruleUpdateTargetById" seemed to work with regexes, but
"ctl:ruleRemoveTargetById" does not seem to.

Example of trying to whitelist cookies from certain CRS rules:

- This rule works (when the cookie name is "wp-settings-76")
SecAction "phase:1,id:'13999',t:none,auditlog,log,pass,ctl:ruleRemoveTargetById=950901;REQUEST_COOKIES:wp-settings-76"

- This does not work (it doesn't seem to do apply a regex match):
SecAction "phase:1,id:'10071',t:none,auditlog,log,pass,ctl:ruleRemoveTargetById=950901;REQUEST_COOKIES:/^wp-settings/"


Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: