Thread: [Mod-security-developers] [JIRA] Closed: (MODSEC-184) New RegEx operator that allows for data subst
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. (JIRA) <no...@mo...> - 2011-02-23 20:32:18
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-184?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Barnett closed MODSEC-184. ------------------------------- Resolution: Fixed > New RegEx operator that allows for data substitution > ---------------------------------------------------- > > Key: MODSEC-184 > URL: https://www.modsecurity.org/tracker/browse/MODSEC-184 > Project: ModSecurity > Issue Type: New Feature > Security Level: Normal > Components: Operators > Affects Versions: 2.5.13 > Reporter: Ryan Barnett > Assignee: Breno Silva Pinto > Priority: High > Fix For: 2.6.0 > > > Currently, the PCRE engine in ModSecurity is *matching only*. It would be useful to have a new operator that would allow for a data substitution expression. This data modification capability may only be doable once we implement stream inspection mode (https://www.modsecurity.org/tracker/browse/MODSEC-147) and act as a Filter. If we do, then we could use a rule like this - > SecRule STREAM_RESPONSE "@rx_sub s/<!-.*-->//g" "phase:rawresponse,t:none,log,pass,msg:'Removed HTML Comment Data.'" > This would use the @rx_sub operator to do data substitution and strip out raw data from the response body. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira |
From: Ryan B. (JIRA) <no...@mo...> - 2011-02-23 20:33:47
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-184?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Barnett closed MODSEC-184. ------------------------------- Resolution: Fixed changed Security level to normal > New RegEx operator that allows for data substitution > ---------------------------------------------------- > > Key: MODSEC-184 > URL: https://www.modsecurity.org/tracker/browse/MODSEC-184 > Project: ModSecurity > Issue Type: New Feature > Security Level: Normal > Components: Operators > Affects Versions: 2.5.13 > Reporter: Ryan Barnett > Assignee: Breno Silva Pinto > Priority: High > Fix For: 2.6.0 > > > Currently, the PCRE engine in ModSecurity is *matching only*. It would be useful to have a new operator that would allow for a data substitution expression. This data modification capability may only be doable once we implement stream inspection mode (https://www.modsecurity.org/tracker/browse/MODSEC-147) and act as a Filter. If we do, then we could use a rule like this - > SecRule STREAM_RESPONSE "@rx_sub s/<!-.*-->//g" "phase:rawresponse,t:none,log,pass,msg:'Removed HTML Comment Data.'" > This would use the @rx_sub operator to do data substitution and strip out raw data from the response body. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira |