[Owasp-modsecurity-core-rule-set] fixing modsecurity_crs_41_sql_injection_attacks.conf - Id=981172 - PCRE limits exceeded

Jeff Green jgreen at wikimedia.org
Mon Aug 17 23:26:12 UTC 2015


Dealing with false positives for 2.2.9, I came up with the following regex 
improvement for rule Id=981172:

Before:
"([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\´\’\‘\`\<\>].*?){8,}"

After:
"([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\´\’\‘\`\<\>][^\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\´\’\‘\`\<\>]*){8}"

I think the end result is the same without bumping up against recursion 
limits. Does this look sane to others?

jg
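
An added example (not part of the original message or of the CRS): a Python check that the two patterns above reach the same match decision, compared against a plain count of at least eight special characters, over constructed random inputs. Assumptions: Python's `re` stands in for PCRE, inputs are Unicode strings rather than bytes, the function names are hypothetical, and the patterns are compiled with DOTALL on the assumption that ModSecurity's `@rx` does the same; with that flag off the two patterns diverge on input containing newlines.

```python
import random
import re

# Character class copied from the two patterns in the post.
CLASS = r"""\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\´\’\‘\`\<\>"""
SPECIAL = re.compile("[" + CLASS + "]")

def build(flags=re.DOTALL):
    """Compile (before, after). DOTALL is an assumption about how @rx compiles."""
    before = re.compile("([" + CLASS + "].*?){8,}", flags)
    after = re.compile("([" + CLASS + "][^" + CLASS + "]*){8}", flags)
    return before, after

def expected(value):
    """Reference decision: the value holds at least 8 special characters."""
    return len(SPECIAL.findall(value)) >= 8

def decisions(value, flags=re.DOTALL):
    """Return (before_matches, after_matches) for one input value."""
    before, after = build(flags)
    return bool(before.search(value)), bool(after.search(value))

def fuzz_disagreements(rounds=2000, seed=981172, flags=re.DOTALL):
    """Return constructed inputs where either pattern departs from expected()."""
    rng = random.Random(seed)
    # Constructed alphabet: a few ordinary characters, a newline, every special.
    alphabet = "ab 1\n" + "~!@#$%^&*()-+={}[]|:;\"'´’‘`<>"
    bad = []
    for _ in range(rounds):
        value = "".join(rng.choice(alphabet) for _ in range(rng.randint(0, 30)))
        want = expected(value)
        if decisions(value, flags) != (want, want):
            bad.append(value)
    return bad

if __name__ == "__main__":
    print("disagreements with DOTALL:", len(fuzz_disagreements()))
    # Constructed sample: 10 specials in total, at most 7 on a single line.
    sample = "a=1&b=2\nc=3&d=4;e=5&f=6"
    print("DOTALL on: ", decisions(sample))
    print("DOTALL off:", decisions(sample, flags=0))
```

The check covers the match decision only; the matched span still differs, since the original pattern runs on to the last special character while the rewrite stops after the eighth.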

