Re: [mod-security-users] Problem with @ sign in match expressions
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Problem with @ sign in match expressions
|
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-10-16 20:31:05
|
Did you try and increase the debug log level and review the log? This will help to identify what the data looks like post-transformation function. --=20 Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache =20 =20 > -----Original Message----- > From: mod...@li... [mailto:mod- > sec...@li...] On Behalf Of Mark Krenz > Sent: Tuesday, October 16, 2007 4:17 PM > To: mod...@li... > Subject: [mod-security-users] Problem with @ sign in match expressions >=20 >=20 > I talked with VictorJ on the IRC channel about this and he was stumped > by it and suggested I write the list. I'm using mod_security 2.1.3 on > Apache 2.0.59. >=20 > When I use this rule, it does not deny attempts to submit a form with > an address of te...@ma... as the value for one of the form elements. >=20 > SecRule REQUEST_BODY "\@(mail|list)\.ru" \ > "log,deny,msg:'Russian account spammer',id:910008,severity:4" >=20 > However if I remove the \@ part of the expression or use something > simular without the \@, it matches properly. >=20 > I looked throught he documentation and couldn't find any mention of the > @ sign other than using it for functions. So there seems to bug in > matching the @ sign. >=20 > Thanks, > Mark >=20 > -- > Mark S. Krenz > IT Director > Suso Technology Services, Inc. > http://suso.org/ >=20 > ------------------------------------------------------------------------ - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |