|
From: Ryan B. (JIRA) <no...@mo...> - 2011-02-23 20:49:09
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Barnett closed MODSEC-147.
-------------------------------
Resolution: Fixed
> Basic streaming detection on raw request/response
> -------------------------------------------------
>
> Key: MODSEC-147
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-147
> Project: ModSecurity
> Issue Type: New Feature
> Security Level: Normal
> Components: Core
> Reporter: Brian Rectanus
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
>
> I'd like to begin the process of streaming inspection. Initially only on the raw request and response (i.e. connection level filter data).
> See MODSEC-17 and MODSEC-18 for the basic ideas.
> Here, I only want these to work:
> SecStreamInspect REQUEST "@pmf huge-prequal-list.dat" "nolog,pass,setvar:TX.prequal=1"
> SecStreamInspect RESPONSE "@verifyCC \b(\d{13,16})\b" "log,drop,msg='CC# detected in response',sanitizeMatchedBytes"
> Or maybe these are better:
> SecRule STREAM_REQUEST "@pmf huge-prequal-list.dat" "phase:rawrequest,nolog,pass,setvar:TX.prequal=1"
> SecRule STREAM_RESPONSE "@verifyCC \b(\d{13,16})\b" "phase:rawresponse,log,drop,msg='CC# detected in response',sanitizeMatchedBytes"
> sanitizeMatchedBytes (MODSEC-146) MUST sanitize (x out) all of the bytes that matched.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
