We have security in our firewall to prevent SQL-Injection from destroying any of our content:
Name              Type       Context   Severity  Pattern
CS:select_into    signature  http-url  critical  .*\[select\].*\[into\].*
CS:select_from    signature  http-url  critical  .*\[select\].*\[from\].*
CS:insert_into    signature  http-url  critical  .*\[insert\].*\[into\].*
CS:drop_database  signature  http-url  critical  .*\[drop\].*\[database\].*
CS:drop_table     signature  http-url  critical  .*\[drop\].*\[table\].*
CS:delete_from    signature  http-url  critical  .*\[delete\].*\[from\].*
CS:drop_view      signature  http-url  critical  .*\[drop\].*\[view\].*
CS:exec           signature  http-url  critical  .*\[exec\].*(%28|\().*(%29|\)).*
CS:update_set     signature  http-url  critical  .*\[update\](%20|\+)(%20|\+|.)*\[set\].*
How can we adjust this so that from one of our own URLs it is possible to load the following files?
- FileDropAreaIconsAndDescriptionsView.css
- FileDropAreaIconsHorizontalView.css
- FileDropAreaIconsView.css
- FileDropAreaTableView.css
The files contain the words ‘drop’ and ‘view’, and this makes the URL match the rules and get blocked. How can we change the regular expression so that URLs with the filenames stated above pass this regex and therefore are not blocked?
Add a white-space selector after the first word.
For example,
.*\[drop\].*\[table\].*
might become:
.*\[drop\]\s+.*\[table\].*
Assuming that the system accepts the standard \s flag for “any whitespace character”.
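As an added illustration of the answer above (this is not code from the original thread or from the firewall vendor), the original and adjusted CS:drop_table / CS:drop_view patterns are run over the four filenames from the question. It assumes the firewall's `[drop]` token behaves as a case-insensitive substring match (which is what makes "FileDrop...View" match in the first place); the helper names `matching_signatures` and `is_blocked` are hypothetical, and the third variant goes one step beyond the answer by also accepting URL-encoded spaces, the way the page's own CS:update_set signature does with `(%20|\+)`.

```python
import re

# Constructed sample paths built from the four filenames in the question.
CSS_PATHS = [
    "/static/FileDropAreaIconsAndDescriptionsView.css",
    "/static/FileDropAreaIconsHorizontalView.css",
    "/static/FileDropAreaIconsView.css",
    "/static/FileDropAreaTableView.css",
]

# Assumption: the firewall's "[drop]" token is modelled as a plain,
# case-insensitive substring match, so "FileDrop...View" is caught.
ORIGINAL = {
    "CS:drop_table": r".*drop.*table.*",
    "CS:drop_view":  r".*drop.*view.*",
}

# The answer's change: require whitespace directly after the first keyword.
WHITESPACE = {
    "CS:drop_table": r".*drop\s+.*table.*",
    "CS:drop_view":  r".*drop\s+.*view.*",
}

# One step further: in an http-url context a space usually arrives as
# %20 or +, so accept those as well (as the page's CS:update_set does).
URL_ENCODED = {
    "CS:drop_table": r".*drop(%20|\+|\s)+.*table.*",
    "CS:drop_view":  r".*drop(%20|\+|\s)+.*view.*",
}


def matching_signatures(url, signatures):
    """Return the names of the signatures whose pattern matches the whole URL."""
    return [name for name, pat in signatures.items()
            if re.fullmatch(pat, url, re.IGNORECASE)]


def is_blocked(url, signatures):
    """True if at least one signature in the set matches the URL."""
    return bool(matching_signatures(url, signatures))


if __name__ == "__main__":
    probe = "/admin?q=drop%20table%20users"   # constructed, URL-encoded spaces
    for label, sigs in [("original", ORIGINAL), ("\\s+", WHITESPACE),
                        ("url-encoded", URL_ENCODED)]:
        blocked_css = [p for p in CSS_PATHS if is_blocked(p, sigs)]
        print(f"{label:12} blocks {len(blocked_css)} CSS files; "
              f"probe blocked: {is_blocked(probe, sigs)}")
```

The run shows the trade-off: `\s+` stops the CSS files from matching, but on its own it also stops matching a URL whose spaces are percent-encoded, which is why the third variant exists.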