'Re: [mod-security-users] Case insensitivity for specific ARGS?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] Case insensitivity for specific ARGS?
From:       Marcus Semblano <marcus.semblano () locaweb ! com ! br>
Date:       2014-02-25 20:27:30
Message-ID: 2A6AC8A64E822C499B733990C81B79C6B5CB5234 () srvexchmbx01 ! fabrica ! locaweb ! com ! br
[Download RAW message or body]

Hi Reuben,

you could use lowecase transformation and make a small adjustment on your r=
egexp:

"([a-z]+_)?product_p?name(_[0-9])?" "t:none,t:lowercase"


Regards,

Marcus Semblano
CT - Seguran=E7a | Security Specialist
T: 11 3544-0444

Locaweb =96 www.locaweb.com.br<http://www.locaweb.com.br>
L=EDder em Hosting Infrastructure Services no Brasil e na Am=E9rica Latina =
em 2012, segundo a IDC

________________________________
From: Reuben Popp [reuben.popp@gmail.com]
Sent: Tuesday, February 25, 2014 5:23 PM
To: mod-security-users@lists.sourceforge.net
Subject: [mod-security-users] Case insensitivity for specific ARGS?

Hey all, quick question.

I want to make an exception to a CRS rule.  I would like to have the rule n=
ot match
patterns consisting of the following:

foo_product_name
product_name_1
PRODuct_Pname

I believe the following will take care of things, but I am not sure how to =
specify that the ARGS matching should be insensitive.  Any suggestions?

([A-Z]+_)?product_p?name(_[0-9])?

Thanks in advance!
Reuben

[Attachment #3 (text/html)]

<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi \
Reuben,<br> <br>
you could use lowecase transformation and make a small adjustment on your regexp:<br>
<br>
<span dir="ltr">&quot;([a-z]&#43;_)?product_p?name(_[0-9])?&quot;</span> \
&quot;t:none,t:lowercase&quot;<br> <div><br>
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px"><br>
<div style="font-family:Tahoma; font-size:13px"><font size="3"><font \
face="Calibri">Regards,</font></font><font size="3" face="Calibri"><br> <span \
lang="pt-BR"> <div style="margin:0"><b><br>
Marcus Semblano<br>
</b></div>
<div style="margin:0">CT - S<font size="3">egurança <font size="3">| \
</font></font>Security Specialist<br> </div>
<div style="margin:0"><font size="3">T: </font>11 3544-0444</div>
<div style="margin:0"><br>
Locaweb –<b> </b><a href="http://www.locaweb.com.br" \
target="_blank"><b>www.locaweb.com.br</b></a><b> </b></div>
<div style="margin:0">Líder em Hosting Infrastructure Services no Brasil e na América \
Latina em 2012, segundo a IDC</div> </span></font><br>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF430411"><font size="2" color="#000000" \
face="Tahoma"><b>From:</b> Reuben Popp [reuben.popp@gmail.com]<br> <b>Sent:</b> \
Tuesday, February 25, 2014 5:23 PM<br> <b>To:</b> \
mod-security-users@lists.sourceforge.net<br> <b>Subject:</b> [mod-security-users] \
Case insensitivity for specific ARGS?<br> </font><br>
</div>
<div></div>
<div>
<div dir="ltr">Hey all, quick question.
<div><br>
</div>
<div>I want to make an exception to a CRS rule. &nbsp;I would like to have the rule \
not match</div> <div>patterns consisting of the following:</div>
<div><br>
</div>
<div>foo_product_name</div>
<div>product_name_1</div>
<div>PRODuct_Pname</div>
<div><br>
</div>
<div>I believe the following will take care of things, but I am not sure how to \
specify that the ARGS matching should be insensitive. &nbsp;Any suggestions?</div> \
<div><br> </div>
<div>([A-Z]&#43;_)?product_p?name(_[0-9])?</div>
<div><br>
</div>
<div>Thanks in advance!</div>
<div>Reuben</div>
</div>
</div>
</div>
</div>
</body>
</html>


[Attachment #4 (--===============4930565480235493572==)]
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk

_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic