regex
15 TopicsRegex issue
Hello, I am stuck on trying to find out how to match some parameters in a WAF request using regex wildcard The parameters that I want to match are int the form ofamp;arg20=somethingwhere the arg20 can be anything. The repetitive part that I want to match with the regex is amp; and I want to match multiple times because it appears multiple times in the query string This is the request GET /human.aspx?r=2900376326&arg20=dssdds&arg21=aaa HTTP/1.1 I want to match the 2 parameters amp;arg20 and amp;arg21 with a wildcard which appears as invalid parameters Parameter Location Query String Parameter Name amp;arg20 Parameter Value dssdds Applied Blocking Settings BlockAlarmLearn Parameter Location Query String Parameter Name amp;arg21 Parameter Value aaa Applied Blocking Settings BlockAlarmLearn I tried to create multiple wildcard parameters like: amp.* or amp.+?(?==)but the parameters never match and I get the illegal parameter violation How can this be achieved?Solved1.2KViews1like8CommentsCustom attack signature syntax for multiple user agents
Hi, I want to create a custom attack signature that will block requests that contains specific user agents. I've already created a signature that blocks Python user agent, but I'm not sure how to add multiple ones to the same signature. Under "Rule" section, I use the Simple Edit Mode and I have set: Matched Element: Header Matched Criteria: Matches regular expression Keyword: User-Agent:.*[Pp]ython.* How do I add more user agents? Thanks781Views1like1Comment