|
From: Breno S. P. (JIRA) <no...@mo...> - 2011-04-25 20:03:00
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-231.
--------------------------------------
Resolution: Fixed
Fixed.
> Incorrect logging (and possibly behaviour) when using MATCHED_VARS
> ------------------------------------------------------------------
>
> Key: MODSEC-231
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-231
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Affects Versions: 2.6.0
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
>
> For this rule:
> SecRule ARGS "xxx" chain,phase:1,log,pass
> SecRule MATCHED_VARS "yyy" chain
> SecRule MATCHED_VARS "zzz"
> The debug log output is:
> Recipe: Invoking rule 10302ed40; [file "/Users/ivanr/local/httpd/conf/m.conf"] [line "26"].
> Rule 10302ed40: SecRule "MATCHED_VARS" "@rx yyy" "chain"
> Set variable "MATCHED_VARS:a" value "xxxyyy" size 6 to collection.
> Set variable "MATCHED_VARS:b" value "xxxyyy" size 6 to collection.
> Expanded "MATCHED_VARS" to "MATCHED_VARS:a|MATCHED_VARS:b".
> Transformation completed in 1 usec.
> Executing operator "rx" with param "yyy" against MATCHED_VARS:a.
> Target value: "xxxyyy"
> Operator completed in 3 usec.
> Transformation completed in 1 usec.
> Executing operator "rx" with param "yyy" against &MATCHED_VARS:b.
> Notice above the message says against &MATCHED_VARS:b, but why is the & there?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
