Adam Katz wrote:
On 15-May-2009, at 12:46, Adam Katz wrote:
uri URI_HIDDEN /.{7}\/\../
LuKreme wrote:
That won't catch
http://www.spammer.example.com/.../hidden-malware.asf, it will only
catch the relative url form ../path/to/content which SA improperly
prefaces with http://;
uri URI_HIDDEN
On Mon, 8 Mar 2010, Ned Slider wrote:
Adam Katz wrote:
On 15-May-2009, at 12:46, Adam Katz wrote:
uri URI_HIDDEN /.{7}\/\../
LuKreme wrote:
That won't catch
http://www.spammer.example.com/.../hidden-malware.asf, it will only
catch the relative url form ../path/to/content
John Hardin wrote:
On Mon, 8 Mar 2010, Ned Slider wrote:
So I've refined the rule to specifically exclude hitting on the
sequence ../. which stops the rule triggering on multiple relative paths.
uriLOCAL_URI_HIDDEN_DIR/(?!.{6}\.\.\/\..).{8}\/\../
How about:
uri
On Mon, 8 Mar 2010, Ned Slider wrote:
John Hardin wrote:
On Mon, 8 Mar 2010, Ned Slider wrote:
So I've refined the rule to specifically exclude hitting on the sequence
../. which stops the rule triggering on multiple relative paths.
uriLOCAL_URI_HIDDEN_DIR