Re: Has anyone ever used multiMatch?

On Mon, Aug 31, 2009 at 12:45 PM, Marc Stern<marc.stern <at> approach.be> wrote:
> Hi Ivan,

Hi Marc,

> I use it, but it is a bit limited because

It is, I agree.

> 1. it tries to map after all transformations where you may only want to map
> after certain transformations (so a "t:match" would be more efficient)

That's an excellent idea.

> 2. most of the time, you need to perform several times a transformation
> (like "t:lowercase") after other ones (decoding ones)
>
> 3. for non breaking rules, there is no way to stop the rule after the first
> match. If you increase a counter by one, it will match 5 times and your
> counter will be increased 5 times also. Obviously, you can bypass this with
> complex rules, but it is not trivial for beginners

I guess this is where transformation via Lua could make more sense, as
 you'd be able to transform things exactly in the order you need.

> Regards
>
> Marc
>
>
> Ivan Ristic wrote:
>>
>> I am really curious, has anyone ever used (or even thought about
>> using) the multiMatch action?
>>
>>
>> http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html#N1182A
>>
>

--

-- 
Ivan Ristic
Security assessment of your SSL servers
https://www.ssllabs.com/ssldb/

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html