Skip to content

Regular expressions in rule targets not respected #1591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ghost opened this issue Oct 13, 2017 · 1 comment
Closed

Regular expressions in rule targets not respected #1591

ghost opened this issue Oct 13, 2017 · 1 comment
Assignees
@zimmerle
Labels
libmodsec - missing features RIP - libmodsecurity
Milestone
v3.0.0 feature co...

Comments

@ghost
Copy link

ghost commented Oct 13, 2017
edited by ghost
Loading

I am using core rule set 3.0.2 with latest libmodsecurity built from v3/master on nginx.

By appending the following to rule 942420 for example with:
|!REQUEST_COOKIES:Example.Session
I am able to successfully ignore the offending cookie.

However if I do the same to cover any of my Example cookies like this:
|!REQUEST_COOKIES:/Example/
The target is not respected and the cookie is blocked.

I have also tried variations like /^Example/ or /^Example\./ and cannot make the target match.
@zimmerle zimmerle self-assigned this Oct 16, 2017
@zimmerle zimmerle added this to the v3.0.0 feature complete milestone Oct 16, 2017
@zimmerle
Copy link
Contributor

Hi @Slabber,

Thank you for the bug report. The pipe line inside the regex was considered to be part of the regexp, making the parser to understand __utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/ as the regular expression for the first REQUEST_COOKIES:/. As of 30797a4 the pipe is no longer accepted inside the regex, instead it was treated like a variable separator. That is the behavior that we can find on ModSecurity version 2.

zimmerle pushed a commit that referenced this issue Oct 17, 2017
Parser: Pipes are no longer welcomed inside regex dict element select…
30797a4 
…ion.

Issue #1591
zimmerle pushed a commit that referenced this issue Oct 20, 2017
Support pipes inside quoted variable selection
93e18ca 
As of #1591 the pipe support was disable in the general selection which
was also affecting the quoted selection. This pactch adds the support
for pipes inside the quoted selection only.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zimmerle zimmerle

Labels
libmodsec - missing features RIP - libmodsecurity
Projects
None yet
Milestone
v3.0.0 feature complete
Development

No branches or pull requests
2 participants
@zimmerle @victorhora