Re: [mod-security-users] regex for matching urls
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] regex for matching urls
|
From: Peter W. <prw...@gm...> - 2005-03-07 20:24:13
|
I'm having someone help me test these rules. On my machine, this rule
matches just fine. On his machine, it doesn't match at all. He is
running mod_security 1.8.6, I'm running 1.8.7. Is there any difference
in between the two that might cause this not to match?
SecFilterSelective HTTP_Referer|ARGS
"[a-z]+:/[\w\-_.]*online[\w\-_.]*\.[a-z]{2,}"
Matches e.g. http://www.buy-online.com/ on my machine, but not on his.
- Peter
On Mon, 07 Mar 2005 16:58:26 +0000, Ivan Ristic <iv...@we...> wrote:
> Peter Wood wrote:
> > Ivan,
> >
> > Thanks for the response. Can you suggest any way to work around this
> > so that we can match 'http://'? Would '/{2}' work, or would that also
> > be normalized?
>
> Normalisation is not performed against the regex, only against
> the incoming data. In the regex just use "http:/" instead of
> "http://" and you should be fine.
>
> --
> Ivan Ristic
> Apache Security (O'Reilly) - http://www.apachesecurity.net
> Open source web application firewall - http://www.modsecurity.org
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
--
Peter R. Wood | email: prw...@gm... | blog: http://prwdot.org/
|
