Hello,
Thanks for your previous answer.
I have another question:
Where can I find the list of characters that need a "\" put before them
when I try to declare them in rules?
Example:
SecFilterSelective REQUEST_URI "/*" Deny
SecFilterSelective REQUEST_URI "./" Deny
SecFilterSelective REQUEST_URI "/." Deny
SecFilterSelective REQUEST_URI "<" Deny
etc.
I have seen in your documentation that I have to set "\./" instead of "./", but
I don't find the information for the others.
Thanks a lot,
Christophe
-----Original Message-----
From: Ivan Ristic [mailto:ivanr@xxxxxxxxxxxxxx]
Sent: 27 January 2006 18:59
To: PERA, Christophe
Cc: mod-security-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [mod-security-users] SelectiveFilter doesn't seem to work with //
PERA, Christophe wrote:
> Hello,
>
> I try to implement the following rule but mod_sec doesn't match:
>
> SecFilterSelective REQUEST_URI "//" deny
>
> I don't understand because all other rules are well performed.
>
> Could you tell me how to implement it?
You can't, at least not yet. ModSecurity automatically compresses
consecutive / characters into one - that's why yours does not
match.
FYI future releases are likely to allow you to configure
exactly which normalisation methods to apply, and it will become
possible to avoid the problem.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
Re: SelectiveFilter doesn't seem to work with //
PERA, Christophe (SOGETI TRANSICIEL) wrote:
> Hello,
>
> Thanks for your previous answer.
>
> I have another question:
>
> Where can I find the list of characters that need a "\" put before them
> when I try to declare them in rules?
Apache 2.x uses the PCRE regex library. Its documentation
is located at:
http://www.pcre.org/pcre.txt
Here's what it says on metacharacters:
--------------------
There are two different sets of metacharacters: those that are recognized
anywhere in the pattern except within square brackets, and those that are
recognized in square brackets. Outside square brackets, the metacharacters
are as follows:

  \      general escape character with several uses
  ^      assert start of string (or line, in multiline mode)
  $      assert end of string (or line, in multiline mode)
  .      match any character except newline (by default)
  [      start character class definition
  |      start of alternative branch
  (      start subpattern
  )      end subpattern
  ?      extends the meaning of (
         also 0 or 1 quantifier
         also quantifier minimizer
  *      0 or more quantifier
  +      1 or more quantifier
         also "possessive quantifier"
  {      start min/max quantifier

Part of a pattern that is in square brackets is called a "character
class". In a character class the only metacharacters are:

  \      general escape character
  ^      negate the class, but only if the first character
  -      indicates character range
  [      POSIX character class (only if followed by POSIX
           syntax)
  ]      terminates the character class

The following sections describe the use of each of the metacharacters.
--------------------
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
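
The escaping question and the "//" behaviour discussed in this thread, worked through as an added example (not code from the thread or from ModSecurity). It assumes Python's `re` as a stand-in for PCRE, which treats the metacharacters listed above the same way; `normalise_uri` models only the slash compression Ivan describes, and all function names and sample URIs are constructed for illustration.

```python
import re

# Metacharacters PCRE recognises outside square brackets, as listed in the
# pcre.txt excerpt quoted in the thread.
PCRE_META = set("\\^$.[|()?*+{")

def escape_literal(text):
    """Backslash-escape every PCRE metacharacter so `text` matches literally."""
    return "".join("\\" + ch if ch in PCRE_META else ch for ch in text)

def normalise_uri(uri):
    """Simplified model (assumption) of the one step described in the thread:
    runs of consecutive '/' are compressed into one before rules are applied."""
    return re.sub(r"/{2,}", "/", uri)

def rule_matches(pattern, uri, normalise=True):
    """Unanchored regex search against the (optionally normalised) URI."""
    target = normalise_uri(uri) if normalise else uri
    return re.search(pattern, target) is not None

# Constructed sample request URIs (not taken from any real log).
BENIGN = ["/index.html", "/docs/a/page.php?id=1"]

def false_positives(pattern):
    """Benign URIs that a deny rule with this pattern would block."""
    return [u for u in BENIGN if rule_matches(pattern, u)]

if __name__ == "__main__":
    # The literals from the question, plus "//" from the earlier message.
    for literal in ["/*", "./", "/.", "<", "//"]:
        esc = escape_literal(literal)
        print(f"literal={literal!r:6} unescaped blocks {false_positives(literal)}; "
              f"escaped form {esc!r} blocks {false_positives(esc)}")
    # "//" is a valid pattern, but the normalised URI never contains it.
    print(rule_matches("//", "/a//b"), rule_matches("//", "/a//b", normalise=False))
```

Unescaped, `/*` means "zero or more slashes" and matches every request, which is why a deny rule written that way blocks legitimate traffic rather than only URIs containing the two literal characters.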