[mod-security-users] XSS Rule -
From: Norman V. <nv...@ho...> - 2006-12-07 20:16:45
Hello all,

I am a new mod_security user and have two questions regarding the XSS rule id 50004. Here's the regex (2.0.1.1.1):

(?:\b(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)\b\W*?\b(?:(?:java|vb)script|shell)|mocha):|type\b\W*?\b(?:text\b(?:\W*?\b(?:j(?:ava)?|ecma)script\b|[vbscript])|application\b\W*?\bx-(?:java|vb)script\b)|s(?:(?:tyle\b\W*=.*\bexpression\b\W*|ettimeout\b\W*?)\(|rc\b\W*?\b(?:(?:java|vb)script|shell|http):)|(?:c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|background-image:|@import)\b|a(?:ctivexobject\b|lert\b\W*?\())|<(?:(?:body\b.*?\b(?:backgroun|onloa)d|input\b.*?\\btype\b\W*?\bimage)\b|!\[CDATA\[|script|meta)|.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)\b)

Question 1: What is @import trying to address? It will block nv...@im....

Question 2: If I modified the rule by redirecting to error.jsp and added sanitiseMatched to prevent looping, are there any issues when redirecting to a dynamic page using a relative URL?

Norm Vilmer
Sr. Programmer Analyst - Hotels.com
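The following is an added example, not part of the original post or of ModSecurity itself. It runs the rule 50004 regex quoted above (with the quoted-printable damage undone, and the `\\btype` sequence kept exactly as written) against a few constructed inputs to show what the `@import` branch actually fires on. Because that alternative is written as `\b ... @import\b`, the leading `\b` only holds when a word character sits immediately before the `@`; an address such as `nv@import.example` satisfies it, while a CSS directive such as `<style>@import url(x.css)</style>` does not. The case-insensitive flag is an assumption standing in for the rule's lowercase transformation, and the sample strings are constructed here.

```python
import re
from typing import Optional

# Rule 50004 regex as quoted in the post (quoted-printable artifacts undone).
# The "\\btype" sequence is kept as it appears on the page: in a raw string it
# means a literal backslash followed by "btype".
XSS_RULE_50004 = re.compile(
    r"(?:\b(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)"
    r"|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?="
    r"|abort\b)|(?:l(?:owsrc\b\W*?\b(?:(?:java|vb)script|shell)|ivescript)"
    r"|(?:href|url)\b\W*?\b(?:(?:java|vb)script|shell)|mocha):"
    r"|type\b\W*?\b(?:text\b(?:\W*?\b(?:j(?:ava)?|ecma)script\b|[vbscript])"
    r"|application\b\W*?\bx-(?:java|vb)script\b)"
    r"|s(?:(?:tyle\b\W*=.*\bexpression\b\W*|ettimeout\b\W*?)\("
    r"|rc\b\W*?\b(?:(?:java|vb)script|shell|http):)"
    r"|(?:c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder"
    r"|background-image:|@import)\b|a(?:ctivexobject\b|lert\b\W*?\())"
    r"|<(?:(?:body\b.*?\b(?:backgroun|onloa)d|input\b.*?\\btype\b\W*?\bimage)\b"
    r"|!\[CDATA\[|script|meta)"
    r"|.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)\b)",
    re.IGNORECASE,  # assumption: stands in for ModSecurity's lowercase transformation
)


def match_fragment(value: str) -> Optional[str]:
    """Return the exact substring rule 50004 would flag in value, or None.

    This mirrors what a @rx operator does: a single leftmost search over the
    argument. ModSecurity's MATCHED_VAR would hold the whole argument, so this
    only shows which branch of the alternation fired.
    """
    m = XSS_RULE_50004.search(value)
    return m.group(0) if m else None


# Constructed sample inputs (not taken from the post or from real traffic).
SAMPLES = [
    "nv@import.example",                     # email-shaped value: word char before '@'
    "<style>@import url(x.css)</style>",     # CSS directive: '>' before '@', no \b
    "<script>alert(1)</script>",             # genuine markup injection
    "onmouseover=alert(1)",                  # event-handler attribute
    "plain text with no markup",             # benign
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} -> {match_fragment(s)!r}")
```

Running the block shows that the `@import` alternative flags the address-like string but not the stylesheet directive; the two classic payloads are caught by the `<script` and `on...=` branches respectively, and the benign sentence is left alone. That behaviour is a property of the `\b` preceding `@import` in the regex as quoted, which is why an argument containing an e-mail address whose domain begins with "import" trips the rule.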