apache - Using Regular Expression in updating an argument in Mod Security Core Ruleset OWASP -


i ran problem rule 981173 [msg "restricted sql character anomaly detection alert - total] sending youtube ids database. ids has special characters -, guess reason warning raised

i have been trying exclude $_post key video[391][] rule, 391 product id , it's not fix key. can video[500][] or alike.

i have tried

    secruleupdatetargetbyid 981173 !args:video[*][] 

but isn't working. idea on how excluding dynamic $_post key rule?

  message: access denied code 403 (phase 2).    pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}"  @ args_names:video[391][]. [file "/etc/httpd/crs-tecmint/owasp-modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"]  [line "159"] [id "981173"] [rev "2"]  [msg "restricted sql character anomaly detection alert - total # of special characters exceeded"]  [data "matched data: ] found within args_names:video[391][]: video[391][]"] [ver "owasp_crs/2.2.9"] [maturity "9"]  [accuracy "8"] [tag "owasp_crs/web_attack/sql_injection"] 

i think should be:

secruleupdatetargetbyid 981173 "!args_names:/^video\[.*\]\[\]/" 

or if numeric ids this:

secruleupdatetargetbyid 981173 "!args_names:/^video\[[0-9]*\]\[\]/" 

see regular expression example here: https://github.com/spiderlabs/modsecurity/wiki/reference-manual#secruleupdatetargetbyid


Comments

Popular posts from this blog

java - UnknownEntityTypeException: Unable to locate persister (Hibernate 5.0) -

python - ValueError: empty vocabulary; perhaps the documents only contain stop words -

ubuntu - collect2: fatal error: ld terminated with signal 9 [Killed] -