[Mod-security-rules] Rule 950901 needs to be more specific
From: Benjamin F. <ben...@ya...> - 2011-07-03 00:14:37
Hi,

I've been having some trouble with rule 950901, because it essentially matches any single sentence that includes an "and" or "or". The rule's regex is currently as follows:

\b(\d+) ?(?:=|<>|<=>|<|>|!=) ?\1\b|[\'\"\`\´\’\‘](\d+)[\'\"\`\´\’\‘] ?(?:=|<>|<=>|<|>|!=) ?[\'\"\`\´\’\‘]\2\b|[\'\"\`\´\‘](\w+)[\'\"\`\´\’\‘] ?(?:=|<>|<=>|<|>|!=) ?[\'\"\`\´\’\‘]\3\b|([\'\"\;\`\´\’\‘]*)?\s+(and|or)\s+([\s\'\"\`\´\’\‘]*)?\w+([\s\'\"\`\´\’\‘]*)?[=<>!]+([\s\'\"\`\´\’\‘]*)?\w+([\s\'\"\`\´\’\‘]*)?

I suggest changing the rule to:

\b(\d+) ?(?:=|<>|<=>|<|>|!=) ?\1\b|[\'\"\`\´\’\‘](\d+)[\'\"\`\´\’\‘] ?(?:=|<>|<=>|<|>|!=) ?[\'\"\`\´\’\‘]\2\b|[\'\"\`\´\‘](\w+)[\'\"\`\´\’\‘] ?(?:=|<>|<=>|<|>|!=) ?[\'\"\`\´\’\‘]\3\b|([\'\"\;\`\´\’\‘]*)?\s+(and|or)\s+([\s\'\"\`\´\’\‘]*)?\w+([\s\'\"\`\´\’\‘]*)?(?:=|<>|<=>|<|>|!=)([\s\'\"\`\´\’\‘]*)?\w+([\s\'\"\`\´\’\‘]*)?

As the operator list is not specific enough and matches any "and|or" preceded with a space and followed by anything.

Regards
Benjamin
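The following is an added example, not part of the original message or of the rule set: a small harness that runs the final alternative of the regex, with the current and the proposed operator part, over constructed sample strings and counts benign hits and detections. It assumes Python's `re` behaves like the rule engine's regex library for this pattern; the sample strings and function names are made up for the illustration.

```python
import re

# Character class and final alternative copied from the post; only the
# operator part ({op}) differs between the current and proposed rule.
Q = r"[\s\'\"\`\´\’\‘]*"
TAIL = (r"([\'\"\;\`\´\’\‘]*)?\s+(and|or)\s+(" + Q + r")?\w+(" + Q + r")?"
        + "{op}(" + Q + r")?\w+(" + Q + r")?")

CURRENT = re.compile(TAIL.replace("{op}", r"[=<>!]+"))
PROPOSED = re.compile(TAIL.replace("{op}", r"(?:=|<>|<=>|<|>|!=)"))

# Constructed samples: (label, request parameter value).
SAMPLES = [
    ("benign", "cats and dogs"),
    ("benign", "rock and roll! forever"),
    ("benign", "salt and pepper = seasoning"),
    ("sqli", "x' or 1=1"),
    ("sqli", "1 and 'a'<>'b'"),
]


def compare(samples):
    """Return (label, text, current_hit, proposed_hit) for each sample."""
    return [
        (label, text, bool(CURRENT.search(text)), bool(PROPOSED.search(text)))
        for label, text in samples
    ]


def summarize(rows):
    """Per pattern: (benign strings matched, sqli strings matched)."""
    totals = {"current": [0, 0], "proposed": [0, 0]}
    for label, _text, cur, new in rows:
        idx = 0 if label == "benign" else 1
        totals["current"][idx] += cur
        totals["proposed"][idx] += new
    return {name: tuple(counts) for name, counts in totals.items()}


if __name__ == "__main__":
    for row in compare(SAMPLES):
        print("%-7s %-30r current=%-5s proposed=%s" % row)
    print(summarize(compare(SAMPLES)))
```

On these samples the proposed operator list stops matching the sentence with a lone "!", keeps both detections, and still matches the benign sentence that contains a bare "=".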