Yes. They are different features. Only ruleRemoveTargetByTag and ruleRemoveTargetByMsg supports regex for tag and msg research. Not in target field.

Thanks

Breno

On Thu, Feb 14, 2013 at 2:57 PM, <rp-modsec-list@bev.net> wrote:
Hello,

In order to upg to 2.7.2 from 2.6.x, I'm attempting to replace my
local "ctl:ruleUpdateTargetById" rules with "ctl:ruleRemoveTargetById" rules.

The old "ctl:ruleUpdateTargetById" seemed to work with regexes, but
"ctl:ruleRemoveTargetById" does not seem to.

Example of trying to whitelist cookies from certain CRS rules:

- This rule works (when the cookie name is "wp-settings-76")
SecAction "phase:1,id:'13999',t:none,auditlog,log,pass,ctl:ruleRemoveTargetById=950901;REQUEST_COOKIES:wp-settings-76"

- This does not work (it doesn't seem to do apply a regex match):
SecAction "phase:1,id:'10071',t:none,auditlog,log,pass,ctl:ruleRemoveTargetById=950901;REQUEST_COOKIES:/^wp-settings/"


-RP

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/