Brian Rectanus | 4 Jul 20:02

Re: problem with my regex and single line HTMLcomment in RESPONSE_BODY

Hi Stephen,

I have a regression test suite coming out with ModSecurity 2.6 (no date 
yet), but I have debated backporting it to the next 2.5 release as well. 
This is a framework for testing ModSecurity directives and automates 
the conf file edit, restart, view the debug log process that may help 
you in testing.

-B

Stephen Craig Evans wrote:
> Hi,
> 
> I'm a little embarrassed about yesterday's outburst - I guess reading
> debug files for so long made me a little nutso.
> 
> Ivan, back to your idea of a ModSecurity console...
> 
> I think a large part of my frustration (besides sucking at writing
> regex's :-) comes from having to modify the .conf file, restart
> Apache, run a test case, then wade through the debug log file just to
> see if it worked or not.
> 
> In a couple of weeks after I've hit the 50% project completion
> milestone and I compile and install 2.5.5, I'll look more closely at
> the C functions in msc_pcre.c. Perhaps it won't be too difficult to
> write a C program that can call those directly or call the function
> calls that ModSecurity calls.
> 
> For now I would be happy with just a shell command line interface
> where I can input the regex, then proceed by entering different
> strings and knowing if they match or not.
> 
> I am writing many WebGoat sublesson-specific regex's and this would
> save me a lot of time I believe.
> 
> Cheers,
> Stephen
> 
> On Fri, Jul 4, 2008 at 8:55 AM, Ivan Ristic <ivanr <at> webkreator.com> wrote:
>  > Achim Hoffmann wrote:
>  >>
>  >> ...
>  >>
>  >>
>  >> Thanks for your in-depth examples, I'm going to analyze that but they
>  >> don't really answer what I asked for according PCRE_DOLLAR_ENDONLY and
>  >> PCRE_DOTALL and how ModSecurity passes "strings" to the regex engine.
>  >
>  > We pass them as they are. What is passed depends on the variable you use.
>  > Headers, which you mentioned in your previous emails, we get from Apache and
>  > pass them through. As far as I know it's just a string, because Apache will
>  > collapse folded headers.
>  >
>  > In other places (e.g. parameters) you will get newlines if they are there.
>  >
>  > Ivan
>  >
>  >
> 
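
A small command-line matcher of the kind asked for in the quoted message, as an added example that is not part of the thread and is not ModSecurity code. It uses Python's `re` module as a stand-in for PCRE (an assumption: the two engines differ in places) and exposes PCRE_DOTALL and PCRE_DOLLAR_ENDONLY, the options raised in the thread, as switches so the effect of newlines in the input is visible; `check`, `demo` and the sample strings are constructed for illustration.

```python
import re
import sys

def _anchor_end_only(pattern):
    """Rewrite an unescaped trailing '$' to '\\Z' (end of subject only)."""
    if not pattern.endswith("$"):
        return pattern
    head = pattern[:-1]
    backslashes = len(head) - len(head.rstrip("\\"))
    return pattern if backslashes % 2 else head + r"\Z"

def check(pattern, subject, *, dotall, dollar_endonly):
    """Return the matched text, or None if the pattern does not match.

    Assumption: Python's re stands in for PCRE. dotall maps to re.DOTALL;
    dollar_endonly is emulated for a trailing '$' only, because re has no
    such flag and its '$' also matches just before a final newline.
    """
    if dollar_endonly:
        pattern = _anchor_end_only(pattern)
    m = re.search(pattern, subject, re.DOTALL if dotall else 0)
    return m.group(0) if m else None

# Constructed sample response bodies, not taken from the thread.
ONE_LINE = "<p>ok</p><!-- todo: remove test login --></body>\n"
MULTI_LINE = "<p>ok</p><!--\n todo: remove test login\n--></body>\n"
COMMENT_RE = r"<!--.*?-->"

def demo():
    """Show which sample bodies the comment regex hits with and without dotall."""
    rows = []
    for name, body in (("one-line", ONE_LINE), ("multi-line", MULTI_LINE)):
        for dotall in (False, True):
            hit = check(COMMENT_RE, body, dotall=dotall, dollar_endonly=True)
            rows.append((name, dotall, hit is not None))
    return rows

if __name__ == "__main__":
    if len(sys.argv) < 2:
        for row in demo():
            print("%-10s dotall=%-5s matched=%s" % row)
        sys.exit(0)
    # Interactive use: pattern as argv[1], one subject per stdin line.
    # Type \n inside a subject to embed a newline.
    for line in sys.stdin:
        subject = line.rstrip("\n").replace("\\n", "\n")
        print(repr(check(sys.argv[1], subject, dotall=True, dollar_endonly=True)))
```

Run without arguments it prints the demo table; run with a pattern as the first argument it reads subjects from standard input and prints the matched text or `None` for each.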
