Re: [mod-security-users] Issues with "SecRuleUpdateTargetByTag" and Apache-Location
Brought to you by:
victorhora,
zimmerletw
From: Josh Amishav-Z. <ja...@ow...> - 2013-10-30 16:46:42
|
On Wed, Oct 30, 2013 at 3:57 PM, Jan Phillip Greimann <jg...@so...>wrote: > Hi Josh, > > I've got a second problem: > > SecRule REQUEST_FILENAME "^/../login$" > > "phase:1,id:1005,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION|XSS|LDAP_INJECTION)|PROTOCOL_VIOLATION/EVASION);ARGS:login[password]" > > Hi Jan, As a workaround perhaps tweak the regex to bypass the problematic characters, e.g.: SecRule REQUEST_FILENAME "^/../login$" "phase:1,id:1005,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=OWASP_CRS.*WEB_ATTACK.*SQL_INJECTION.XSS.LDAP_INJECTION.*PROTOCOL_VIOLATION.*EVASION.*;ARGS:login[password]" -- - Josh is one of my rules. In my logic it should work, but I get the following > error: > > Syntax error on line 23 of > /etc/modsecurity/modsecurity_crs_15_pre_custom.conf: > Error parsing actions: ModSecurity: Invalid regular expression > "OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION" > Action 'configtest' failed. > The Apache error log may have more information. > failed! > > Where is the problem, in my opinion it's right. :-/ > > > > ------------------------------------------------------------------------------ > Android is increasing in popularity, but the open development platform that > developers love is also attractive to malware creators. Download this white > paper to learn more about secure code signing practices that can help keep > Android apps secure. > http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |