20 Sep 15:16
Re: Filter question
Ivan Ristic <ivanr <at> webkreator.com>
2004-09-20 13:16:39 GMT
2004-09-20 13:16:39 GMT
Gerwin Krist -|- Digitalus Webhosting wrote: > Hello guys, > > I want the following filter but i can't figger it out exactly. > I want to check ARGS if there is http:// in it AND .txt OR.jpg OR .gif. > so it should match on all: > id=http://www.ddddd.br/dc.jpg > id=http://www.ddddd.br/dc.txt > id=http://www.ddddd.br/dc.jpg > > What should be the filter code to use? Try something like this: SecFilterSelective ARGS "(http:/).+(\.txt|\.jpg|\.gif)" ^1 ^2 1. Anti-evasion techniques mod_security uses will compress multiple forward slash characters to only one. 2. Because the dot character has a special meaning in regular expressions you will want to escape it to neutralise it. -- -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on(Continue reading)
RSS Feed