Re: Filter question

Gerwin Krist -|- Digitalus Webhosting wrote:
> Hello guys,
> 
> I want the following filter but i can't figger it out exactly.
> I want to check ARGS if there is http:// in it AND .txt OR.jpg OR .gif.
> so it should match on all: 
> id=http://www.ddddd.br/dc.jpg
> id=http://www.ddddd.br/dc.txt
> id=http://www.ddddd.br/dc.jpg
> 
> What should be the filter code to use?

  Try something like this:

  SecFilterSelective ARGS "(http:/).+(\.txt|\.jpg|\.gif)"
                                ^1     ^2

  1. Anti-evasion techniques mod_security uses will compress multiple
     forward slash characters to only one.

  2. Because the dot character has a special meaning in regular
     expressions you will want to escape it to neutralise it.

--

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]

-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php