Allow regular expressions in ctl:ruleRemoveTargetByX variable names #911#1683
Allow regular expressions in ctl:ruleRemoveTargetByX variable names #911#1683vvidic wants to merge 1 commit intoowasp-modsecurity:v2/masterfrom
Conversation
…wasp-modsecurity#911 SecRule REQUEST_URI "@beginswith /index.php" \ "id:1001,phase:1,pass,nolog, \ ctl:ruleRemoveTargetById=942100;ARGS:/^password\[\d+\]$/"
|
Hi @vvidic, Thank you for the patch. As of the release of version 3 we are only merging new features if they are also available for v3. |
zimmerle
added
the
waiting for v3
|
So you mean I should send a patch for v3 branch than? |
|
Hi @vvidic, It means that it won't be released until we have the same functionality in v3. |
|
@vvidic thx a lot for this wonderful patch. |
|
@vvidic Do you have the functionality available for v3? |
|
Looking for it.... |
|
Should be merged even if there's no v3 version, some rules cannot be written without this feature. |
|
On Tue, Aug 27, 2019 at 07:40:03AM -0700, azurit wrote:
Should be merged even if there's no v3 version, some rules cannot be written
without this feature.
Right, but I think this was a request from the upstream authors.
…--
Valentin
|
|
I was talking to them off source :) btw, thnx for the patch. |
|
On Tue, Aug 27, 2019 at 10:44:47AM -0700, azurit wrote:
I was talking to them off source :) btw, thnx for the patch.
Great :) In the meanwhile I checked the v3 code and found 2 places
in src/rule.cc where RemoveTargetById/Tag is being used so this is
probably where the changes should go...
…--
Valentin
|
|
Example of exclusive rule which cannot be written without this feature (Typo3, probably a CSRF security token which is part of input name):
|
|
Another obstacle in the v3 implementation seems to be the parser,
as it does not except the regex in the variable name:
SecRule REQUEST_FILENAME "@ENDSWITH /wp-login.php" "id:9002100,phase:2,t:none,nolog,pass,ctl:ruleRemoveTargetById=123;ARGS:/^pwd$/"
Rules error. File: action-ctl_rule_remove_target_by_id.json. Line: 1. Column: 132. Expecting an action, got: ^pwd$/"
Not sure how to work around this?
…--
Valentin
|
|
@vvidic Today i came accross a bug in this feature: It's not possible to match a pipe symbol ( | ), even when escaped. Apache will print this error: Example rule (Prestashop web translation feature): The interesting is that escaped pipe symbol can be used in parts where regex is officially supported (e.g. in REQUEST_FILENAME matching in the beginning of the rule). |
|
Won't compile with |
Thanks, I'll take a look at it soon. |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
marcstern
left a comment
marcstern
left a comment
There was a problem hiding this comment.
if((strlen(myvalue) == strlen(value)) && strncasecmp(myvalue,value,strlen(myvalue)) == 0)
Why not
if(strcasecmp(myvalue,value,strlen(myvalue)) == 0)
marcstern
left a comment
marcstern
left a comment
There was a problem hiding this comment.
else if (value == NULL && myvalue == NULL) {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
}
match = 1;
} else if (value == NULL && myvalue != NULL) {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
}
match = 1;
}
Simplify:
else {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
}
match = 1;
}
7 participants
SecRule REQUEST_URI "@beginswith /index.php"
"id:1001,phase:1,pass,nolog,
ctl:ruleRemoveTargetById=942100;ARGS:/^password[\d+]$/"