Re: [mod-security-users] Problem with pipe and @pmFromFile
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Problem with pipe and @pmFromFile
|
From: Marc S. <mar...@ap...> - 2021-06-04 08:49:10
|
Hi Azur, With the @pm operator, the pipe character is used to encode bytes in hexa, like |090a|. When using only 1 pipe, it's not seen as this encoding character, but with 2 well. You would need to encode the pipe to have it "escaped": aaa|7c|bbb|7c|ccc That's the theory because the implementation is buggy and this doesn't work. The only solution is to use a regex: "@rx aaa[|]bbb[|]ccc" ... but you have to add another rule on top of your @pmFromFile one :-( On 03-06-2021 09:25, az...@po... wrote: > Hi, > > i'm having problems with matching strings containing multiple pipe > characters using @pmFromFile. For example, i'm able to match this > pattern (with only 1 pipe): > aaa|bbb > > > But i'm unable to match this pattern (with multiple pipes): > aaa|bbb|ccc > > Any hints what's wrong? Thanks. modsecurity 2.9.3, Apache 2.4. > > azur > > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
