Re: [mod-security-users] regular expressions
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] regular expressions
|
From: Brian R. <Bri...@br...> - 2007-11-09 17:50:59
|
Hi Ken, Thanks for your feedback. See my comments inline... Ken Senior wrote: > Can anyone give advice for demystifying regular expressions in > Modsecurity? I know regular expressions in certain contexts, but not in > modsecurity. It would be really nice to include at least something in > the manual on this. For example, > > !^apache.*perl > > What does this mean? Does it mean NOT matching "apache" OR "perl". If The '!' negates the regex as your have correctly stated. This is actually in the docs for SecRule, but needs improved. The '^' anchors the match to the start of the string. The '.' means "any character" and the '*' means "zero or more of the preceding match" which is a '.' in this case and thus '.*' means "anything, including nothing". The entire regex means: Does not match the word "apache" at the start of the string followed by the word "perl" anywhere after that. > so, I'd like to add wget to the list. So, would this be: > > !^apache.*perl.*wget An OR is '|'. For example: !(?:^apache.*perl|wget) The '(?:<regex>)' groups a subregex without capturing the results. A (<regex>) does the same, but captures the results. The ?: version is just more efficient if you do not need the captured results. This regex then means: Does not match the word "apache" at the start of the string followed by the word "perl" anywhere after that NOR the word "wget" anywhere in the string. Hope that helps a bit. But you should consider reading the perl compatible regular expressions docs. http://perldoc.perl.org/perlre.html -B -- Brian Rectanus Breach Security |
