Re: [mod-security-users] regex for matching urls
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] regex for matching urls
|
From: Peter W. <prw...@gm...> - 2005-03-07 18:16:04
|
Tom,
> Then it will match whether you use normalization or not. Better still:
>
> SecFilterSelective HTTP_Referer|ARGS
> "(ht|f)tps?:/{1,2}[\w\-_.]*poker[\w\-_.]*\.[a-z]{2,4}(/|$)"
>
Thanks for this. I had considered using {2,4} for the TLD... as far as
I know there aren't any TLD's with length > 4, but it could always
happen, which is why I had left that as just {2,}... also I'd
personally prefer to be a bit liberal as to what can appear before the
:// in a URL... you never know what crazy schemes attackers will think
up...
Peter
--
Peter R. Wood | email: prw...@gm... | blog: http://prwdot.org/
|
