hsopk.blogg.se

Modsecurity

ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. The core of ModSecurity’s strength as an engine lies in providing a rule language that can be utilized by ModSecurity users to create protections against whichever vulnerabilities are relevant for the user’s use case. This means that it can do a lot of things, but like any scripting language, the wider the range of capabilities you provide, the greater the responsibility you put on users to use them correctly. That is a tradeoff we constantly have to manage in ModSecurity. This blog post will discuss that tradeoff in the context of regular expressions in ModSecurity. It will cover an issue raised by a member of the community as a security issue (assigned CVE-2020-15598), which we disputed, and some tips for how to avoid the more problematic aspects of regular expressions in ModSecurity.

For those of you who don’t care for the details, feel free to jump directly to the “How to Avoid Taxing Your ModSecurity Regular Expressions” section of this post.

The Evolution of Regular Expressions in ModSecurity

Regular expressions in particular are challenging because they can easily become taxing in terms of performance, but at the same time, they are an absolute necessity for our users to be able to craft complex (and even not-so-complex) rules. As such, the use of regular expression (regex) matching is available via several operators in the ModSecurity language, with a general warning in the documentation indicating that it is a powerful tool and should be used carefully.













