-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Closed
Labels
2.xRelated to ModSecurity version 2.xRelated to ModSecurity version 2.x
Description
I've got a second problem:
SecRule REQUEST_FILENAME "^/../login$" "phase:1,id:1005,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION|XSS|LDAP_INJECTION)|PROTOCOL_VIOLATION/EVASION);ARGS:login[password]"
is one of my rules. In my logic it should work, but I get the following
error:
Syntax error on line 23 of
/etc/modsecurity/modsecurity_crs_15_pre_custom.conf:
Error parsing actions: ModSecurity: Invalid regular expression
"OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION"
Action 'configtest' failed.
The Apache error log may have more information.
failed!
It seems so that the problem is caused by the pipe in the regex-expression, but why?
The Regex is complete and should work, see here:
See: https://www.debuggex.com/r/gPYlTgYDoVVPJj3g
Metadata
Metadata
Assignees
Labels
2.xRelated to ModSecurity version 2.xRelated to ModSecurity version 2.x