Re: [mod-security-users] Problem with Regex and SecFilterSelective
From: Ivan R. <iv...@we...> - 2005-11-23 16:48:31
Bianca Brick wrote:
> Hi folks,
>
> I protect a web application with the latest 1.8 version of mod_security
> (exact version info is currently not at hand). Running on an Apache2.
> Upgrading to 1.9 is currently not possible.
>
> The following rule:
>
> SecFilterSelective ARG_text !(.{0,250}$)
>
> should match if someone enters a text longer than 250 characters. I want no
> limitation of the character set, because it is a free text field.
>
> However, if "&text" contains a %0D%0A, the signature matches, even if the
> content is smaller than 250 chars.
>
> The log message is:
> "mod_security-message: Access denied with code 200. Pattern match
> "!(^.{0,250}$)" at CUSTOM"
>
> The request is a "POST" request. "SecFilterForceByteRange 1 255" is set.
>
> Is this a known bug, or the result of a bad configuration?
> Is someone able to reproduce this?
I seem to remember trying to write a rule that uses {n,m} last
week and it didn't work as it was supposed to. So it may very
well be a bug of some kind. However, it is not likely to be a
bug in ModSecurity. ModSecurity uses the underlying regex library
that comes with Apache.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
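
Added example, not part of the original thread and not ModSecurity or Apache code: a sketch of how a negated `.{0,250}` length rule reacts to CR/LF when "." does not match newline, shown with Python's `re` module. That the regex library bundled with Apache treats "." and "$" the same way is an assumption; the helper names and sample values are constructed.

```python
import re
from urllib.parse import unquote_to_bytes

LIMIT = 250  # maximum length the rule in the thread is meant to allow

# Pattern from the quoted log message, Python defaults: "." never matches "\n"
# and "$" also matches just before a final "\n".
NAIVE = re.compile(r"^.{0,250}$")
# Same limit, but "." matches newlines too and \Z anchors at the true end.
STRICT = re.compile(r"\A.{0,250}\Z", re.DOTALL)

def decode(raw):
    """URL-decode a form value; latin-1 maps bytes 1..255 to one character each."""
    return unquote_to_bytes(raw.replace("+", " ")).decode("latin-1")

def rule_fires(pattern, value):
    """Emulate the negated form !(pattern): fire when the pattern does NOT match."""
    return pattern.search(value) is None

def too_long(value):
    """Length check with no regex involved."""
    return len(value) > LIMIT

# Constructed sample values for the "text" parameter (not from the thread).
SAMPLES = {
    "short": "hello+world",
    "short_crlf": "line+one%0D%0Aline+two",
    "trailing_lf": "A" * 250 + "%0A",
    "long": "A" * 251,
    "long_crlf": "A" * 200 + "%0D%0A" + "B" * 200,
}

def evaluate():
    """Return {name: (naive_fires, strict_fires, too_long)} for every sample."""
    results = {}
    for name, raw in SAMPLES.items():
        value = decode(raw)
        results[name] = (rule_fires(NAIVE, value),
                         rule_fires(STRICT, value), too_long(value))
    return results

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:12} naive={verdict[0]} strict={verdict[1]} too_long={verdict[2]}")
```

Under these assumptions the `short_crlf` sample shows the reported symptom: the naive pattern fires on an 18-character value, while the newline-aware pattern and the plain length check do not.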