Re: [mod-security-users] problem with SecFilter "<(.|\n)+>"
From: Ivan R. <iv...@we...> - 2005-03-10 08:50:56
Thomas Börnert wrote:
> Hi List,
>
> I've a problem with the following URL:
>
> http://www.domain.de/module/lauftext.swf?text=%3Cb%3ENeu%3A+F%C3%B6rder-
> +und+Siebrinnen+VCS%3C%2Fb%3E+-+Sch%C3%BCttg%C3%BCter+kostensparend
> +transportieren&link=verfahrenstechnik%2Frinnen%2Fvcs%2F%3Fde
>
> i found no "." and no "\n" in the URL. Why matches mod_security
> this URL by this Rule ?

That's because . is a special character in regular expressions, and stands for any one character (except for \n in some cases). In your case the rule matched <b>

[www.domain.de/sid#8269140][rid#830cd88][/module/lauftext.swf] Checking against "/module/lauftext.swf?text=<b>Neu: F\xc3\xb6rder- und Siebrinnen VCS</b> - Sch\xc3\xbcttg\xc3\xbcter kostensparend transportieren&link=verfahrenstechnik/rinnen/vcs/?de"

See here for more information about regular expressions:

http://www.pcre.org/

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
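
The behaviour described in the reply above, as an added example that is not part of the original message or of mod_security itself: it applies the rule's pattern to the posted URI before and after URL decoding. It assumes Python's `re` module as a stand-in for the filter's regex engine and plain percent-decoding as a stand-in for its normalization; the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Pattern from the SecFilter rule in the subject line.
RULE = re.compile(r"<(.|\n)+>")

# Path and query string of the URL quoted in the post.
RAW_URI = (
    "/module/lauftext.swf?text=%3Cb%3ENeu%3A+F%C3%B6rder-"
    "+und+Siebrinnen+VCS%3C%2Fb%3E+-+Sch%C3%BCttg%C3%BCter+kostensparend"
    "+transportieren&link=verfahrenstechnik%2Frinnen%2Fvcs%2F%3Fde"
)


def normalize(uri):
    """Approximate the decoding done before matching.

    Assumption: percent-decoding with '+' treated as space, UTF-8.
    """
    return unquote_plus(uri)


def check(uri):
    """Return the text the rule matches in the decoded URI, or None."""
    m = RULE.search(normalize(uri))
    return m.group(0) if m else None


def explain_dot():
    """Show what an unescaped '.' matches compared with an escaped one."""
    return {
        "dot_matches_letter": bool(re.fullmatch(r".", "b")),
        "dot_matches_literal_dot": bool(re.fullmatch(r".", ".")),
        "dot_matches_newline": bool(re.fullmatch(r".", "\n")),
        "escaped_dot_matches_letter": bool(re.fullmatch(r"\.", "b")),
    }


if __name__ == "__main__":
    # The raw URI holds only %3C / %3E, so the pattern finds nothing there.
    print("raw URI matches:", bool(RULE.search(RAW_URI)))
    # After decoding, the query string contains real angle brackets.
    print("decoded URI:    ", normalize(RAW_URI))
    print("rule matched:   ", check(RAW_URI))
    print(explain_dot())
```

The match runs from the first `<` to the last `>` in the decoded string because `+` is greedy, so the rule fires on any request parameter that carries markup once it has been decoded.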