[Owasp-modsecurity-core-rule-set] a question about TX:'/REGEXP/' syntax

Tzury Bar Yochay tzury.by at reguluslabs.com
Sun Dec 4 07:49:42 EST 2011


I wonder what is the meaning of rules in the following structure:


since '&' is the counter operator, and as far as I know, at least
according to "ModSecurity Handboo" by "Ivan Ristic", TX is used to capture
data and it range from 0 to 9.
So I would expect a numeric parameter rather than a regular expression
(e.g. TX:0, TX:1, etc.).

Those are found all over files under '/slr_rules'.


    SecRule &TX:'/RFI.*ARGS:pathForArdeaCore/' "@gt 0"
    SecRule &TX:'/RFI.*ARGS:page_include/' "@gt 0"
    SecRule &TX:'/RFI.*ARGS:LibDir/' "@gt 0"

and many more...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20111204/9e91e1d0/attachment.html 

More information about the Owasp-modsecurity-core-rule-set mailing list