Re: [mod-security-users] QUERY_STRING parsing error with some clients
From: Ryan B. <RBa...@tr...> - 2011-04-13 21:16:31
You can also use single quotes around the regex -

SecRule ARGS_GET:'/(abc|def)ghi/' "blah"

-Ryan

On 4/13/11 5:08 PM, "Brian Rectanus" <bre...@gm...> wrote:

>The parser error is an Apache issue. Put the targets in quotes:
>
>"ARGS_GET:/(abc|def)ghi/"
>
>EX:
>
>SecRule "ARGS_GET:/(abc|def)ghi/" "blah" "..."
>
>-B
>
>On Wed, Apr 13, 2011 at 1:55 PM, Jonathan Marcil
><jon...@ph...> wrote:
>> I tried something like that but since I have a lot of rules, a mass
>> change could trigger a bug. Example: if I have a param that is called
>> "a" then /a/ will match even "myparam".
>>
>> So I tried to have a more specific regex like:
>> ARGS_GET:/^(amp;)?myparam2$/
>> without any luck.
>>
>> In fact, anything complex will kind of break the regex and prints this
>> out while parsing the configuration.
>>
>> ARGS_GET:/(abc|def)ghi/
>> gives:
>> Error creating rule: Unknown variable: def)ghi/
>>
>> On 11-04-13 04:21 PM, Ryan Barnett wrote:
>>> If you are writing rules to target specific ARGS then you could use
>>> the regex option like this which would match whether that amp; was
>>> there or not-
>>>
>>> ARGS_GET:/myparam2/
>>>
>>> On Apr 13, 2011, at 10:58 AM, "Jonathan Marcil"
>>> <jon...@ph...<mailto:jon...@ph...>>
>>> wrote:
>>>
>>> ARGS_GET:amp;myparam2
>>>
>>> ________________________________
>>> This transmission may contain information that is privileged,
>>> confidential, and/or exempt from disclosure under applicable law. If
>>> you are not the intended recipient, you are hereby notified that any
>>> disclosure, copying, distribution, or use of the information contained
>>> herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
>>> received this transmission in error, please immediately contact the
>>> sender and destroy the material in its entirety, whether in electronic
>>> or hard copy format.
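Added example (not part of the thread and not ModSecurity project code): for the mass-change concern raised above, a small Python check that flags SecRule lines whose target has a regex selector containing `|` and uses neither quoting form from the replies. The function name and sample lines are constructed for illustration; it assumes one rule per line and no `/` inside the selector regex.

```python
import re

# First argument of a SecRule directive: a double-quoted string or a bare token.
SECRULE_TARGET = re.compile(r'^\s*SecRule\s+(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')
# Regex selector written without single quotes, e.g. ARGS_GET:/(abc|def)ghi/
# (the single-quoted form ARGS_GET:'/.../' has no ":/" and is never matched).
BARE_REGEX_SELECTOR = re.compile(r":/(.*?)/")


def find_unprotected_alternations(config_text):
    """Return (line_number, target) for targets written like the failing rule in the thread."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = SECRULE_TARGET.match(line)
        if not m or m.group("bare") is None:
            continue  # not a SecRule line, or the whole target is double-quoted
        target = m.group("bare")
        for selector in BARE_REGEX_SELECTOR.finditer(target):
            if "|" in selector.group(1):  # pipe inside the regex itself
                findings.append((lineno, target))
                break
    return findings


# Constructed sample configuration; the "blah" action string follows the thread.
SAMPLE = '''\
SecRule ARGS_GET:/(abc|def)ghi/ "blah"
SecRule "ARGS_GET:/(abc|def)ghi/" "blah"
SecRule ARGS_GET:'/(abc|def)ghi/' "blah"
SecRule ARGS_GET:/myparam2/ "blah"
SecRule ARGS_GET:/myparam2/|ARGS_POST:/myparam2/ "blah"
# SecRule ARGS_GET:/(abc|def)ghi/ "blah"
'''

if __name__ == "__main__":
    for lineno, target in find_unprotected_alternations(SAMPLE):
        print(f"line {lineno}: quote this target: {target}")
```

Only the first sample line is reported: the pipe on the fifth line separates two targets rather than sitting inside a regex, and the last line is a comment.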