On Sun, Dec 4, 2011 at 2:49 PM, Tzury Bar Yochay <[email protected]> wrote: > Hi, > > I wonder what is the meaning of rules in the following structure: > > &TX:'/REGEXP/'
Hi Tzury, Like any other collection, you can limit the search inside that collection via regex. For example, if you wanted to check there is at least one variable whose name includes the string Tzury inside the TX collection you could write: SecRule &TX:'/Tzury/' "@eq 1" "phase:2,t:none,allow" -- - Josh > > since '&' is the counter operator, and as far as I know, at least > according to "ModSecurity Handboo" by "Ivan Ristic", TX is used to capture > data and it range from 0 to 9. > So I would expect a numeric parameter rather than a regular expression (e.g. > TX:0, TX:1, etc.). > > Those are found all over files under '/slr_rules'. > > examples: > > SecRule &TX:'/RFI.*ARGS:pathForArdeaCore/' "@gt 0" > SecRule &TX:'/RFI.*ARGS:page_include/' "@gt 0" > SecRule &TX:'/RFI.*ARGS:LibDir/' "@gt 0" > > and many more... > > > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
