Irregular Expressions

Well, it looks like the reason blacklist_to_modsec has been working so well for me is that I’m running Apache 2.x.

***mod_security|http://www.modsecurity.org/*** uses ***Apache|http://httpd.apache.org/***’s built-in regular expression engine, but this engine differs between Apache version 1.x and 2.x. I’ve been writing regexes to the 2.x standard, which is the same as ***Perl|http://perl.org/***’s regular expression engine (PCRE)… but these don’t work as expected on Apache 1.x, which uses a POSIX-style regex engine. I’ve spent a few hours trying to write some sort of conversion routine to change PCRE into POSIX, but it’s very frustrating because there are some things that just don’t translate well. So if anyone knows of an easy way to get PCRE to change into POSIX, lemme know. Otherwise, proper regex support will be a ways off.

Of course, I’d rather everyone just upgrade to Apache 2.x… but that’s just a dream. Bah.

On a positive note, if I can spare some time this week, I’ll try to get out an updated version that has dumbed-down regex support, along with some other bugfixes.

2 thoughts on “Irregular Expressions

  1. Dave Ely

    I happened to run into this last week and have a solution that works for me in a slightly patched version (that also supports MT 2.6x and MTBL 1.6x by trimming white space and eating empty lines).

    The call for the POSIX fixup was available, it just wasn’t used in the code I downloaded (no version tag so I can’t say for sure which version it was).

    Ping me if you’d like the tweaked script.

    Reply
  2. Pingback: Ztuff

Leave a Reply

Your email address will not be published. Required fields are marked *