Re: filter html comments
Breno Silva <breno.silva <at> gmail.com>
2012-02-05 12:07:43 GMT
Hi Otto, we have a known bug that can be causing it. It is already
fixed for 2.6.4... if you want I can send you a tarball.
Thanks
breno
On 2/5/12, Otto Schlagmichtot <hx2680 <at> yahoo.com> wrote:
> hi,
>
> thank you for this update:
>
> I used this rule:
>
> SecRule STREAM_OUTPUT_BODY "@rsub s/<!--(.|\s)*?-->/ /" "phase:4,t:none,nolog,pass"
>
> and it seems to work, but the filtered lines were added below, like this:
>
> that's the source code:
>
> the html - comments:
> <html><body><h1>
> <!-- line 1 -->
> <!-- line 2 -->
>
> <!-- line 3
> line 4
> line 5
> -->
> It works!
> </h1></body></html>
> ____________________
>
> and the response in the browser after adding the SecRule:
>
> <html><body><h1>
>
>
>
> It works!
>
>
> </h1></body></html>
> line 4
> line 5
> -->
> It w
>
>
> Do you have any idea why the characters "line 4, line 5, --> and the It w"
> were attached?
>
> regards,
>
>
> ________________________________
> From: Ryan Barnett <RBarnett <at> trustwave.com>
> To: Otto Schlagmichtot <hx2680 <at> yahoo.com>;
> "mod-security-users <at> lists.sourceforge.net"
> <mod-security-users <at> lists.sourceforge.net>
> Sent: 22:42 Thursday, 2 February 2012
> Subject: Re: [mod-security-users] filter html comments
>
> The default PCRE behavior is that a dot character will match any character
> except a newline (\n). You should modify your regex to include (?s) like
> this -
>
> SecRule STREAM_OUTPUT_BODY "@rsub s/(?s)<!--.*?-->/ /" "phase:4,t:none,nolog,pass"
>
> -Ryan
>
> From: Otto Schlagmichtot <hx2680 <at> yahoo.com>
> Reply-To: Otto Schlagmichtot <hx2680 <at> yahoo.com>
> Date: Thu, 2 Feb 2012 15:01:52 -0600
> To: "mod-security-users <at> lists.sourceforge.net"
> <mod-security-users <at> lists.sourceforge.net>
> Subject: [mod-security-users] filter html comments
>
> Hi, I want to filter HTML comments in the response body. So I used this:
>
> SecContentInjection On
> SecResponseBodyAccess On
> SecStreamOutBodyInspection On
> SecRule STREAM_OUTPUT_BODY "@rsub s/<!--.*?-->/ /" "phase:4,t:none,nolog,pass"
>
> This works, but not if I have more than one line... for example:
> <!--
> Bla
> Bla
> Bal
> -->
> And how could I resolve this problem with mod_security 2.5?
>
> regards, kai
>
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
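
The three expressions from this thread, run over the page Otto posted, to show which of them leave comment text in the response. This is an added example, not code from any of the posters or from ModSecurity: it uses Python's `re` module as a stand-in for PCRE (the behaviour of `.`, `\s`, `(?s)` and lazy `*?` is the same for these patterns) and assumes `@rsub` replaces every match, as the output quoted above suggests.

```python
import re

# Constructed sample: the response body Otto posted in the thread.
BODY = (
    "<html><body><h1>\n"
    "<!-- line 1 -->\n"
    "<!-- line 2 -->\n"
    "\n"
    "<!-- line 3\n"
    "line 4\n"
    "line 5\n"
    "-->\n"
    "It works!\n"
    "</h1></body></html>\n"
)

# The three expressions used in the thread's @rsub rules.
PATTERNS = {
    "original": r"<!--.*?-->",          # '.' stops at a newline
    "alternation": r"<!--(.|\s)*?-->",  # \s covers the newline
    "dotall": r"(?s)<!--.*?-->",        # (?s) lets '.' match a newline
}

# Markers that must not appear in a body whose comments were all removed.
COMMENT_MARKERS = ("<!--", "-->", "line 4", "line 5")


def strip_comments(pattern, body):
    """Equivalent of 's/<pattern>/ /' applied to every match (assumption)."""
    return re.sub(pattern, " ", body)


def leftover_comment_text(pattern, body):
    """Return the comment markers that survive the rewrite."""
    rewritten = strip_comments(pattern, body)
    return [marker for marker in COMMENT_MARKERS if marker in rewritten]


if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(name, "leftover:", leftover_comment_text(pattern, BODY))
        print(repr(strip_comments(pattern, BODY)))
```

A comment with no closing `-->` is not matched by any of the three patterns and stays in the body, so a check like `leftover_comment_text` on the rewritten output is still worth keeping.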