ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard

Published 20 hours ago verified publisher icon owasp-modsecurity

Operator @rx has different flags in two engines

Open airween opened this issue 1 year ago • 2 comments

Describe the bug

It seems like the @rx operator has a different behavior in two engines (mod_security2 and libmodsecurity3)

mod_security2 has these PCRE flags:

PCRE2, PCRE

libmodsecurity3 has these ones:

PCRE2, PCRE

To Reproduce

https://github.com/coreruleset/coreruleset/issues/3277

We should discuss:

  • do we want to resolve this issue?
  • how?

airween avatar Nov 07 '24 12:11 airween

I think this is a good idea, I mean add a build flag to libmodsecurity3 (mod_security2 is not affected) which changes the flag, and not in the next release but after that we make it mandatory (and we can add an optional build flag to keep the old (current) one).

airween avatar Nov 13 '24 20:11 airween

PCRE2_DOTALL & PCRE2_DOLLAR_ENDONLY look the right way for me as we need to check multiline ARGS

marcstern avatar Nov 14 '24 08:11 marcstern