Re: [mod-security-users] Regex in a Variable?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Regex in a Variable?
|
From: Macks, A. <am...@ha...> - 2013-11-04 20:48:05
|
That did it, thanks. I'd tried double-quotes but didn't think to look at singles A On Nov 3, 2013, at 10:17 AM, Josh Amishav-Zlatin <ja...@ow...<mailto:ja...@ow...>> wrote: On Fri, Nov 1, 2013 at 5:23 PM, Macks, Aaron <am...@ha...<mailto:am...@ha...>> wrote: I've got a bunch of rule-exceptions that need to allow multiple problematic-looking but valid arguments (or cookies). The naive way to do that is: !ARGS:/^addresses/|!ARGS:items|!ARGS:shippingInfo I tried putting that as a single rule REGEX: !ARGS:/^(addresses|items|:shippingInfo)/ but it parsed the pipe as "next variable" and threw some errors*. Is there a way to quote a regex in that section of config, or do i need to do it the naive way? Hi Aaron, You could use single quotes around your regex, e.g.: SecRuleUpdateTargetById 12345 !ARGS:'/^(addresses|items|shippingInfo)$/' -- - Josh ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk_______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ -- Aaron Macks Systems Architect Harvard Business Publishing 300 North Beacon St. | Watertown, MA 02472 (617) 783-7461 | Fax: (617) 783-7467 www.harvardbusiness.org<http://www.harvardbusiness.org> | Cell:(978) 317-3614 |
