This is actually surprising new information to me (and apparently Ryan as
he wrote the rule). This really does show the value of going back over
these rules. With this in mind I do think that we should definitely place
this in paranoid mode as my whole basis for not doing so was that it never
triggered. I have also merged your changes.

On 2/18/16, 5:03 AM,
"owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of
Christian Folini" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org
on behalf of christian.fol...@netnea.com> wrote:

>Manuel
>
>On Thu, Feb 18, 2016 at 09:56:31AM +0000, Leos Rivas Manuel wrote:
>> Maybe you can have a rule before this to check &variable eq 0 and skip
>> the rule
>
>I guess so. But I wrote the default as empty variable and not
>non-existing variable. So I thought I would skip the "&variable eq 0".
>
>> but the cost of macro expansion in your @within against that very
>> simple regex should be very low, especially if you compare it to
>> other rules with multiple capturing +100 long regex ;)
>
>Yes. Think so too. And maybe there is even special code in pcre to
>reduce the costs of ^$.
>
>Ahoj,
>
>Christian
>
>
>--
>If you have men who will only come if they know there is a good road,
>I don't want them. I want men who will come if there is no road at all.
>-- David Livingstone


_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
