Re: [mod-security-users] Feature Requests (was: Re: Release of remo0.1.3)
From: Christian F. <chr...@ti...> - 2007-03-21 09:49:32
Hi Ofer,

thank you for your hints. I love feature requests that are already
implemented.

Quoting helps a lot. It works now, but the notation is a bit awkward,
as I had to escape the \d twice:

    SecRule "ARGS:'/^uid_\\\d{1,5}$/'" ...

Actually

    "ARGS:'/^uid_[0-9]{1,5}$/'"

works without any hassle though.

The double quotes seem to be optional, but the single quotes are a must.
Maybe single quoting of selector regexes should be pointed out in the
documentation. Possibly on page 30, where ARGS:/^id_/ is being introduced.

thank you once more,

Christian Folini

On Tue, Mar 20, 2007 at 06:23:38PM -0400, Ofer Shezaf wrote:
> Regarding the 2nd request, I think that you only need to add quotes:
>
> "ARGS:'/^uid_\d{1,5}$/'"
>
> I did not test this specifically today, but in a blog entry back in
> December I used a similar construct and worked fine:
>
> SecRule "&REQUEST_HEADERS:'/^(?i)x[-_]a{9,12}$/'" "@gt 0"
>
> I don't know if you need the double quotes also or only the single
> quotes.
>
> See:
> http://www.modsecurity.org/blog/archives/2006/12/using_modsecuri.html
>
> ~ Ofer
>
> > -----Original Message-----
> > From: mod...@li... [mailto:mod-sec...@li...] On Behalf Of Christian Folini
> > Sent: Monday, March 19, 2007 7:16 PM
> > To: Ivan Ristic
> > Cc: mod...@li...
> > Subject: [mod-security-users] Feature Requests (was: Re: Release of remo0.1.3)
> >
> > On Thu, Mar 15, 2007 at 02:09:55PM +0000, Ivan Ristic wrote:
> > > >I have one or two feature requests for Mod. Should I post them to the
> > > >list or to you in a private message?
> > >
> > > The list please.
> >
> > So here we go. I have two feature requests.
> >
> > - Separate collections for query string parameters and post payload
> >   arguments.
> >   ARGS is a handy collection, but for a whitelist policy, I want to be
> >   exact and right now I have to do a special hack with every post
> >   parameter to make sure it is not submitted as query string argument
> >   (and vice-versa).
> >   Separate collections simplify my rulesets.
> > - Regex ranges in selection operator
> >   While ARGS:/^uid_\d$/ works as selector ARGS:/^uid_\d{1,5}$/ does
> >   not.
> >   In fact I get the following during restart.
> >   Error creating rule: Unknown variable: 5}$/
> >   (ModSecurity 2.1.0)
> >   It would be very cool if this syntax would work.
> >
> > Otherwise, after two months of remo, I am very much pleased with the
> > possibilities of the ModSecurity rules language.
> >
> > regards,
> >
> > Christian
> >
> > --
> > chr...@ne... - http://www.netnea.com