On Fri, 2 Apr 2021, Adam Katz wrote:
Hey, John et al. It's been a while. I hope things are going well.
I've found an FP on URI_TRY_3LD from
https://mynews.apple.com/subscriptions?… that you could solve by adding
a new alternation to the relevant negative lookahead in that regex:
-uri URI_TRY_3LD
m,^https?://(?:try|start|get(?!.adobe)|save|check(?!out)|act|compare|join|learn|request|visit(?!or)|my(?!sub|turbotax)w)[^.]*.[^/]+.(?:com|net)b,i
+uri URI_TRY_3LD
m,^https?://(?:try|start|get(?!.adobe)|save|check(?!out)|act|compare|join|learn|request|visit(?!or)|my(?!news.apple.|sub|turbotax)w)[^.]*.[^/]+.(?:com|net)b,i
However, with its hit freqs [1] show an S/O hovering around 0.100 and
with the GA consistently scoring it so close to your specified 2.000
limit, I doubt this tweak will help enough. I suggest further FP
mitigations and perhaps a lower score limit.
I will take a look, thanks for the report.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
307 days since the first private commercial manned orbital mission (SpaceX)
