Re: [mod-security-users] Problem with pipe and @pmFromFile
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Problem with pipe and @pmFromFile
|
From: <az...@po...> - 2021-06-04 17:50:18
|
So, when using @pmFromFile, at most 1 pipe per pattern can be matched? Citát Marc Stern <mar...@ap...>: > Hi Azur, > > With the @pm operator, the pipe character is used to encode bytes in > hexa, like |090a|. > When using only 1 pipe, it's not seen as this encoding character, > but with 2 well. > > You would need to encode the pipe to have it "escaped": aaa|7c|bbb|7c|ccc > That's the theory because the implementation is buggy and this doesn't work. > The only solution is to use a regex: "@rx aaa[|]bbb[|]ccc" > ... but you have to add another rule on top of your @pmFromFile one :-( > > On 03-06-2021 09:25, az...@po... wrote: >> Hi, >> >> i'm having problems with matching strings containing multiple pipe >> characters using @pmFromFile. For example, i'm able to match this >> pattern (with only 1 pipe): >> aaa|bbb >> >> >> But i'm unable to match this pattern (with multiple pipes): >> aaa|bbb|ccc >> >> Any hints what's wrong? Thanks. modsecurity 2.9.3, Apache 2.4. >> >> azur >> >> >> >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
