Re: [Mod-security-developers] Macro expansion in operators
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Macro expansion in operators
|
From: Felipe C. <FC...@tr...> - 2019-02-11 13:42:59
|
I've got your point. Personally, I don't like this approach as it may be confusing to debug the rules, but I understand your point. Yes, a patch will be welcome 😉 Br., Felipe "Zimmerle" Costa Security Researcher, Lead Developer ModSecurity m: +55 81.98706.5547 [signature_480191669] www.trustwave.com<http://www.trustwave.com/> Recognized by industry analysts as a leader in managed security services.<https://www.trustwave.com/company/about-us/accolades/> ________________________________ From: Marc Stern <mar...@ap...> Sent: Thursday, February 7, 2019 6:24 AM To: mod...@li... Subject: Re: [Mod-security-developers] Macro expansion in operators The main goal is to be able to extend a pattern incrementally. This is especially useful in shared environments, but not limited to this case. Example: you define you general policy to accept only certain characters SecRule ARGS "@validateByteRange 32-90" In a location, you want an exception to accept some additional characters (CR/LF): <Location /...> SecRule ARGS "@validateByteRange 10,13,32-90" </Location> In case you extend your global policy (let's say 32-95), your exception doesn't follow it. You are obliged to keep them aligned (you'll forget to do this if they are disseminated in several files). The solution could be: SecAction "phase:1,setvar:tx.allowedRange=32-90" <Location /...> SecAction "phase:2,setvar:tx.allowedRange=%{tx.allowedRange},10,13" </Location> SecRule ARGS "@validateByteRange %{tx.allowedRange}" "phase:2,..." Same for ipMatch Marc On 05-02-19 17:54, Felipe Costa wrote: Hi Marc, There is no specific reason. As there is a computational cost for macro expansion, we may have it only where/when it is extremely necessary. Do you have a specific use case? Br., Felipe "Zimmerle" Costa Security Researcher, Lead Developer ModSecurity ________________________________ From: Marc Stern <mar...@ap...><mailto:mar...@ap...> Sent: Friday, February 1, 2019 12:16:20 PM To: mod...@li...<mailto:mod...@li...> Subject: [Mod-security-developers] Macro expansion in operators Can somebody explain me why the operators below don't perform macro expansion; they're using plain strings, not pre-calculated patterns: - ipMatch - validateByteRange Would a pull request implementing this be accepted? Marc Stern _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://scanmail.trustwave.com/?c=4062&d=3bHU3PIPIuUQrzOmOziiUcqWOyJFIV2loAPuiTrUlA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers<https://scanmail.trustwave.com/?c=4062&d=57nc3DspNU5aOwZsU4--G33vqxJuRzh_IAF3WDNkmw&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers> ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php |
