Thanks a lot Josh, In fact, I assumed so, but that means, TX is not only indexed by 0-9, rather with strings as well. Is this documented anywhere? Or am I missing a key principle in here?
On Sun, Dec 4, 2011 at 3:08 PM, Josh Amishav-Zlatin <[email protected]>wrote: > On Sun, Dec 4, 2011 at 2:49 PM, Tzury Bar Yochay > <[email protected]> wrote: > > Hi, > > > > I wonder what is the meaning of rules in the following structure: > > > > &TX:'/REGEXP/' > > Hi Tzury, > > Like any other collection, you can limit the search inside that > collection via regex. For example, if you wanted to check there is at > least one variable whose name includes the string Tzury inside the TX > collection you could write: > > SecRule &TX:'/Tzury/' "@eq 1" "phase:2,t:none,allow" > > -- > - Josh > > > > > since '&' is the counter operator, and as far as I know, at least > > according to "ModSecurity Handboo" by "Ivan Ristic", TX is used to > capture > > data and it range from 0 to 9. > > So I would expect a numeric parameter rather than a regular expression > (e.g. > > TX:0, TX:1, etc.). > > > > Those are found all over files under '/slr_rules'. > > > > examples: > > > > SecRule &TX:'/RFI.*ARGS:pathForArdeaCore/' "@gt 0" > > SecRule &TX:'/RFI.*ARGS:page_include/' "@gt 0" > > SecRule &TX:'/RFI.*ARGS:LibDir/' "@gt 0" > > > > and many more... > > > > > > > > > > _______________________________________________ > > Owasp-modsecurity-core-rule-set mailing list > > [email protected] > > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
