Re: [mod-security-users] Feature Requests (was: Re: Release of remo0.1.3)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Regarding the 2nd request, I think that you only need to add quotes:

"ARGS:'/^uid_\d{1,5}$/'"=20

I did not test this specifically today, but in a blog entry back in
December=20
I used a similar construct and worked fine:

SecRule "&REQUEST_HEADERS:'/^(?i)x[-_]a{9,12}$/'" "@gt 0"

I don't know if you need the double quotes also or only the single
quotes.

See:
http://www.modsecurity.org/blog/archives/2006/12/using_modsecuri.html

~ Ofer

> -----Original Message-----
> From: mod...@li... [mailto:mod-
> sec...@li...] On Behalf Of Christian
> Folini
> Sent: Monday, March 19, 2007 7:16 PM
> To: Ivan Ristic
> Cc: mod...@li...
> Subject: [mod-security-users] Feature Requests (was: Re: Release of
> remo0.1.3)
>=20
> On Thu, Mar 15, 2007 at 02:09:55PM +0000, Ivan Ristic wrote:
> > >I have one or two feature requests for Mod. Should I post them to
> the
> > >list or to you in a private message?
> >
> > The list please.
>=20
> So here we go. I have two feature requests.
>=20
> - Seperate collections for query string parameters and post payload
>   arguments.
>   ARGS is a handy collection, but for a whitelist policy, I want to be
>   exact and right now I have to do a special hack with every post
>   parameter to make sure it is not submitted as query string argument
>   (and vice-versa).  Seperate collections simplify my rulesets.
> - Regex ranges in selection operator
>   While ARGS:/^uid_\d$/ works as selector ARGS:/^uid_\d{1,5}$/ does
> not.
>   In fact I get the following during restart.
> 	  Error creating rule: Unknown variable: 5}$/
> 	  (ModSecurity 2.1.0)
>   It would be very cool if this would syntax would work.
>=20
>=20
> Otherwise, after two months of remo, I am very much pleased with the
> possibilities of the ModSecurity rules language.
>=20
> regards,
>=20
> Christian
>=20
> --
> chr...@ne...          -        http://www.netnea.com
>=20
>=20
>=20
>=20
>
-----------------------------------------------------------------------
> --
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to
share
> your
> opinions on IT & business topics through brief surveys-and earn cash
>
http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D=
DEVD
> EV
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users