
ctl:ruleRemoveTargetByTag does not support regex in ModSecurity v3.x

Open martinhsv opened this issue 5 years ago • 2 comments

Issue https://github.com/SpiderLabs/ModSecurity/issues/588 was raised against ModSecurity v2.9.x. In those versions ctl:ruleRemoveTargetByTag does support regular expressions, but the raised issue noted that some regex metacharacters cause difficulties.

This new issue is being created to separately track the different state of affairs in v3.x.

In particular, ctl:ruleRemoveTargetByTag works correctly when specifying regular text. It does not, however, have any support at all for regex.

This appears to have been intentional in the initial implementation of the v3.x code, so any regex functionality implemented for ctl:ruleRemoveTargetByTag now may be considered an enhancement rather than a bug fix.

It's unclear how widely useful regular expressions are for this particular ctl action, but this issue at least allows the matter to be considered for 3.1 (or later) implementation.

martinhsv avatar Oct 22 '20 20:10 martinhsv

Rule exclusion on an API that usually has a JSON body is a pain on v3 without this feature.

A nested JSON body is hard to exclude. Something like:

{
   "foo": [
      {"bar": "1"},
      {"bar": "1 or 1=1--"}
      ...
   ]
}

It makes a lot of users remove the whole ruleset or turn off the request body access instead of removing a long, long list of:

ARGS:json.foo.array_0.bar ARGS:json.foo.array_1.bar etc...

theMiddleBlue avatar Aug 09 '23 22:08 theMiddleBlue
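
The literal-target workaround described in the comment above, generated instead of hand-written, as an added example that is not part of the thread or of ModSecurity: since v3 accepts only literal target names, it expands a path pattern into one ctl action per array index and reports which names in a sample body the list misses. The `array_*` wildcard, the tag `attack-sqli`, the URI prefix, the rule id and the sample body are assumptions made for illustration; the `json.foo.array_N.bar` naming is taken from the comment.

```python
import itertools
import json

# Constructed sample body, shaped like the one in the comment.
SAMPLE_BODY = '{"foo": [{"bar": "1"}, {"bar": "x"}, {"bar": "2"}]}'

def flatten_json_args(node, prefix="json"):
    """Yield names in the json.<key>.array_<n>.<key> form quoted in the comment."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten_json_args(value, f"{prefix}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten_json_args(value, f"{prefix}.array_{index}")
    else:
        yield prefix  # scalar leaf

def expand_targets(pattern, max_items):
    """Expand each 'array_*' segment (hypothetical wildcard) to literal indices."""
    parts = pattern.split(".")
    slots = [i for i, part in enumerate(parts) if part == "array_*"]
    for combo in itertools.product(range(max_items), repeat=len(slots)):
        filled = list(parts)
        for slot, index in zip(slots, combo):
            filled[slot] = f"array_{index}"
        yield "ARGS:" + ".".join(filled)

def exclusion_rule(pattern, tag, uri_prefix, rule_id, max_items):
    """Build one SecRule carrying a literal ctl action per expanded target."""
    ctls = [f"ctl:ruleRemoveTargetByTag={tag};{target}"
            for target in expand_targets(pattern, max_items)]
    actions = ",\\\n    ".join([f"id:{rule_id}", "phase:1", "pass", "nolog", *ctls])
    return f'SecRule REQUEST_URI "@beginsWith {uri_prefix}" \\\n    "{actions}"'

def uncovered(body, pattern, max_items):
    """Names in a body that fit the pattern but fall outside the expanded list;
    these stay inspected, so an undersized list shows up as false positives."""
    shape = pattern.split(".")
    covered = set(expand_targets(pattern, max_items))
    def fits(name):
        segs = name.split(".")
        return len(segs) == len(shape) and all(
            s == g or (s == "array_*" and g.startswith("array_"))
            for s, g in zip(shape, segs))
    return [n for n in flatten_json_args(json.loads(body))
            if fits(n) and "ARGS:" + n not in covered]

if __name__ == "__main__":
    print(exclusion_rule("json.foo.array_*.bar", "attack-sqli", "/api/items", 10001, 2))
    print(uncovered(SAMPLE_BODY, "json.foo.array_*.bar", 2))
```

With nested arrays the list grows as `max_items` raised to the number of `array_*` segments, which is the growth the comment complains about.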

I would also like this feature

fardarter avatar Mar 01 '24 08:03 fardarter