http - ModSecurity does not read plus sign (for space sign) in regex -


i using regular expressions modsecurity rules , stuck on issue + sign (which used spaces in http request).

here secrule:

secrule args_post:sentence "!@rx ^[\+abcdefghijklmnopqrstuvwxyz]{12, 134}$" "phase:2,id:23,deny,log,status:406,msg:abnormal,tag:/web_attack/abnormal,severity:1"

now if try 'sentence' parameter "hello stuggling regex", http request have "sentence=hello+i+am+struggling+with+regex". should go modsecurity blocks it. logs display: 

[date] [:error] [pid info] [client info] modsecurity: access denied code 406 (phase 2). match of "rx ^[\\\\+abcdefghijklmnopqrstuvwxyz]{12, 134}$" against "args_post:sentence" required. [end of error msg]

so looks when reading rule, modsecurity kind of magically adds 3 slashes.. believe problem comes have no idea think of , how solve it. have tried \+ adds 2 slashes. %2b actual + sign , not space 1 useless well. parameter 'email' , works fine '@' '.' '-' (\@ . - work without issue).

please tell me if more info needed.


Comments

Post a Comment

Popular posts from this blog

javascript - Create a stacked percentage column -

i have collection of data : var data = [ {"p301a":"10","p301b":"7","p301c":"7","p301d":"3","p301e":"8","p301f":"8","p301g":"8","p301h":"8","p301i":"8","p301j":"8","p301k":"8","p301l":"8","p301m":"8","p301n":"8","p301o":"8","age":"31-40 years","profesion":"2","position":"2"}, {"p301a":"5","p301b":"4","p301c":"4","p301d":"4","p301e":"4","p301f":"4","p301g":"4","p301h":"4","p301i":"4","p301j":"4","p301k":"4...
Read more

Optimising Firebase database by automatically overwriting data -

in firebase app have following structure: posts latest all users can write posts > latest . want limit entries 20 posts save space in database. , posts beyond 20 unnecessary never shown on homepage. how can limit posts 20, when user writes posts > latest posts @ end drop off (be deleted) automatically? this sample should you. you need : const max_log_count = 20; exports.removeold = functions.database.ref('/posts/latest/{postid}').oncreate(event => { const parentref = event.data.ref.parent; return parentref.once('value').then(snapshot => { if (snapshot.numchildren() >= max_log_count) { let childcount = 0; const updates = {}; snapshot.foreach(function(child) { if (++childcount <= snapshot.numchildren() - max_log_count) { updates[child.key] = null; } }); // update parent. removes children. ...
Read more

javascript - Angular UI-Grid customTemplate directive causing rows to load slowly/? -

Image
each grid cell can have more 1 customtemplate loaded. have directive holds watcher on model_col_field listen cell updates on scroll when dom rows updated , recompile celltemplate . without watcher , $compile rows repeat on scroll, showing same set of rows. is there more angular way of approaching or way improve performance? relevant controller code: create gridoptions.data & gridoptions.columndefs : var customtemp = '<div ng-repeat="opt in grid.appscope.colvalueoptionsmodel" ng-init="tempstring=model_col_field.clazz+opt.key;"><comparison-directive dbo="model_col_field" attobj="opt" fff="grid.appscope.getattributetemplate(tempstring)" /></div>'; $scope.gridoptions.columndefs = [ { name:'yindex',pinnedleft:true,celltemplate: customtemp, displayname:'index'}, { name:'col1',celltemplate: customtemp}, { name:'col2',celltemplate: c...
Read more