Re[3]: [mod-security-users] escape character problem - mod_security v1.9.2
From: <gyo...@hi...> - 2006-05-19 09:42:52
Thanks, Ivan.

I tested this rule.

###
SecFilterSelective ARG_parameter1 "\\\""
###

It filters all messages which include the character ". For example:
1, eewre"
2, \\\\\"
3, wert"dfgdf
4, fdf\\"dfgsd

I thought that the character \ was ignored.

Still need your help.
Thanks again.

>> Hi all:
>>
>> I am using mod_security 1.9.2 and Apache 2.0.55(Win32).
>> The server and client OS are Windows XP Pro SP2(Japanese).
>> Client browser is IE 6.0 SP2.
>>
>> Here is my problem. I want mod_security to filter a combined character \"(escape + double quotation).
>> I set modsecurity.conf like below.
>>
>> ##
>> SecFilterSelective POST_PAYLOAD "&ARG_parameter1=" chain
>> SecFilter "&ARG_parameter1=\\\"&"
>> ##
>>
>> I thought that regex pattern \\\" can match string \". Unfortunately, it doesn't work at all.
>
>It can, you just need to write the correct rule ;)
>
>Here it is:
>
> SecFilterSelective ARG_parameter1 "\\\""
>
>
>> But if you set modsecurity.conf like this,
>>
>> ##
>> SecFilterSelective POST_PAYLOAD "&ARG_parameter1=" chain
>> SecFilter "\\\""
>> ##
>>
>> It works well.
>
>Except if parameter1 is the first parameter in the payload, in which
>case it doesn't. It also matches cases when \" appears in some other
>parameter.
>
>--
>Ivan Ristic, Technical Director
>Thinking Stone, http://www.thinkingstone.com
>ModSecurity: Open source Web Application Firewall
>
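Added example, not part of the original thread: a Python sketch of how the double-quoted rule argument is unescaped before it reaches the regex engine, applied to the four values listed in the message. `apache_unquote`, `matches`, `report` and `RULE_WITH_FIVE` are hypothetical names; the unquoting is modelled on httpd's handling of quoted directive arguments, Python's `re` stands in for the server's regex library, and any transformation mod_security applies to request data before matching is not modelled.

```python
import re

# Rule argument exactly as written in the modsecurity.conf quoted on this page.
RULE_ON_PAGE = r'"\\\""'
# Assumption (not from the thread): the same argument with five backslashes.
RULE_WITH_FIVE = r'"\\\\\""'

# The four values listed in the message, plus one constructed value with no quote.
SAMPLES = [r'eewre"', r'\\\\\"', r'wert"dfgdf', r'fdf\\"dfgsd']
NO_QUOTE = "plain"


def apache_unquote(arg):
    # Inside a double-quoted directive argument, \\ collapses to \ and \" to ";
    # a backslash before any other character is kept unchanged.
    if len(arg) < 2 or arg[0] != '"' or arg[-1] != '"':
        raise ValueError("expected a double-quoted argument")
    body, out, i = arg[1:-1], [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body) and body[i + 1] in ("\\", '"'):
            out.append(body[i + 1])
            i += 2
        else:
            out.append(body[i])
            i += 1
    return "".join(out)


def matches(config_arg, value):
    # The unquoted argument is what gets compiled as the regular expression.
    return re.search(apache_unquote(config_arg), value) is not None


def report(config_arg):
    # Map each sample value to whether the rule's regex finds a match in it.
    return {v: matches(config_arg, v) for v in SAMPLES + [NO_QUOTE]}


if __name__ == "__main__":
    for rule in (RULE_ON_PAGE, RULE_WITH_FIVE):
        print("config:", rule, "-> regex:", apache_unquote(rule))
        for value, hit in report(rule).items():
            print("   ", "MATCH" if hit else "pass ", value)
```

At the regex level the three-backslash argument reduces to an escaped quote, so it matches any value containing `"`; the five-backslash form reduces to a literal backslash followed by a quote.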