Thread: [mod-security-users] Apache Regular Expressions
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Rudi S. <te...@wi...> - 2005-02-08 06:23:31
|
Hello, I"m trying to write a Regular expression without any joy, so I thought I'd ask for some help. At this stage the first thing I want to do is match a request using the <Files> Directive. My URLs look like http://www.myserver.com/members.main http://www.myserver.com/members.login I would like to match every request *not* containing the word login on the end: This is what I have and it is not working how I would like. <Files ~ "/[^(login)]$/"> or even <Files ~ "/[^(login)]/"> I'm want to do this so I can sort my Folders for a client with some weird setup. Can you see where I am going wrong ? Many thanks Best Regards Rudi |
|
From: Fred S. <fr...@me...> - 2005-02-08 12:42:27
|
Hi, As far as I know, you can't do this in apache. The way the Files or FilesMatch directive works, its logic won't support a logical not (its matching mechanism only gets triggered by a match). Modsecurity does support the "!" as the inversion operator, so it would be fairly easy to construct <Location /foo> SecFilterSelective REQUEST_URI !members </Location> I've only been using modsec for a few days now, so if there's a way to do it more elegantly, feel free to correct me. On Tue, 8 Feb 2005, Rudi Starcevic wrote: > Hello, > > I"m trying to write a Regular expression without any joy, so I thought I'd > ask for some help. > > At this stage the first thing I want to do is match a request using the > <Files> Directive. > > My URLs look like > > http://www.myserver.com/members.main > http://www.myserver.com/members.login > > I would like to match every request *not* containing the word login on the > end: > > This is what I have and it is not working how I would like. > > <Files ~ "/[^(login)]$/"> > or even > <Files ~ "/[^(login)]/"> > > I'm want to do this so I can sort my Folders for a client with some weird > setup. > > Can you see where I am going wrong ? > Many thanks > Best Regards > Rudi > > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > -- Fred Stutzman Desk: 962-5646 Cell: 260-8508 www.ibiblio.org |
|
From: Tom A. <tan...@oa...> - 2005-02-08 13:05:54
|
On Tue, 2005-02-08 at 19:21, Rudi Starcevic wrote: > My URLs look like > > http://www.myserver.com/members.main > http://www.myserver.com/members.login > > I would like to match every request *not* containing the word login on > the end: > > This is what I have and it is not working how I would like. > > <Files ~ "/[^(login)]$/"> > or even > <Files ~ "/[^(login)]/"> That says to accept all characters except: l o g i n ( ) In rewrite rules and mod_sec, you negate a regex like this: "!(login)$". See the exclamation point in the front? In Perl, you would do this: "(?<!login)$" or "\.(?!login)$", which in the first case is a negative lookbehind on the end terminator, while the latter is a negative lookahead on the period. Try them... I don't know which if any of them work. Tom |
|
From: Ivan R. <iv...@we...> - 2005-02-08 13:47:16
|
> In Perl, you
> would do this: "(?<!login)$"
The above works in Apache 2.0.52 (which has a different regex engine
from Apache 1.x BTW). I used it with <FilesMatch>:
<FilesMatch "(?<!login)$">
Order Allow,Deny
Deny from all
</FilesMatch>
The second suggestion does not work for me.
--
Ivan Ristic (http://www.modsecurity.org)
|
|
From: Tom A. <tan...@oa...> - 2005-02-08 15:20:56
|
----- Original Message ----- From: "Ivan Ristic" <iv...@we...> >> In Perl, you >> would do this: "(?<!login)$" > > The above works in Apache 2.0.52 (which has a different regex engine > from Apache 1.x BTW). I used it with <FilesMatch>: > > <FilesMatch "(?<!login)$"> > Order Allow,Deny > Deny from all > </FilesMatch> > > The second suggestion does not work for me. Indeed, it probably shouldn't with the end terminator included, since the period would have to be the last character. Trying <FilesMatch "\.(?!login)"> would probably do it though, as it would match any file that has a period not followed by "login". I have to imagine that if Apache recognizes a negative lookbehind, it would recognize a negative lookahead, since the latter is older and more established. In any event, if the first suggestion worked, then that should be sufficient for finding all files that do not end with "login". I'm glad to hear that Apache's regex engine is so advanced. Tom |
|
From: Rudi S. <te...@wi...> - 2005-02-09 03:25:41
|
Hi, Thanks for the replies. Unfortunately none of them would work for me on my machine. Sample URLs: http://www.myserver.com/members.login http://www.myserver.com/members.main http://www.myserver.com/members.stream http://www.myserver.com/members.cat So instead of using a *not* reg ex I'll go the other way: Use this to find matches: <Files ~ "(main|movie|dvd4abuck|latest|popular|cat|stream|vote|movie|upcoming|wildpass|allcontent2)$"> Instead of finding *not* matches <FilesMatch "(?<!login)$"> Not what I was exactly after but it does exactly what I need Cheers Rudi Ivan Ristic wrote: > >> In Perl, you >> would do this: "(?<!login)$" > > > The above works in Apache 2.0.52 (which has a different regex engine > from Apache 1.x BTW). I used it with <FilesMatch>: > > <FilesMatch "(?<!login)$"> > Order Allow,Deny > Deny from all > </FilesMatch> > > The second suggestion does not work for me. > |
|
From: Eli <eli...@ex...> - 2005-02-09 03:58:10
|
Rudi wrote:
> So instead of using a *not* reg ex I'll go the other way:
>
> Use this to find matches:
> <Files ~
"(main|movie|dvd4abuck|latest|popular|cat|stream|vote|movie|upcoming|wildpas
s|allcontent2)$">
>
> Instead of finding *not* matches
> <FilesMatch "(?<!login)$">
Untested, but if Apache allows this trick (which is POSIX regex compatible
even), it should technically do the trick:
<Files ~ "(login){0}$">
The {0} specifies that it should *NOT* find "login" at the end of the line.
Eli.
|
Thanks for helping keep SourceForge clean.
X