ARGS with regular expression should be case-sensitive match. #1028
Labels: bug
Comments
Thanks for reporting this! We are taking a look, you have a point here.
Description
HTTP request argument keys are case-sensitive. We should store keys in the collection in a case-sensitive manner and allow rule writers to craft the rule-checking static parameter or regular expression in a case-sensitive manner.
ARGS:/^Key/ should match in a case-sensitive manner.
It stores keys in lowercase, which won't match against the regex configured in the rule. Keys should do a case-sensitive match.
Steps to reproduce
Write a rule for ARGS with regular expression.
SecRule ARGS:/^Key/ "my-value" "id:101,phase:1,deny,status:403,msg:'ARGS:key matched.'"
Send HTTP request: "http://localhost:9000/index.html?ID=123&Key=my-value"
I have an HTTP server running with Coraza on port 9000, where I am sending this request and getting a 200 OK response back.
Output:
Expected result
It should deny and send 403 response back.
Actual result
200 OK
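A minimal model of the behaviour reported above, added here as an illustration; it is not Coraza's code, and `storeArgs`, `ruleFires` and `evalIssueRule` are hypothetical names. It shows why lowercasing keys on insert makes the rule's `/^Key/` selector miss the argument, while preserving key case lets the same rule fire.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// storeArgs models a WAF's ARGS collection (simplified, not Coraza's own code).
// foldKeys=true reproduces the reported behaviour: keys are lowercased on insert.
func storeArgs(rawQuery string, foldKeys bool) map[string][]string {
	args := map[string][]string{}
	vals, _ := url.ParseQuery(rawQuery) // keeps the pairs that parsed; enough for this demo
	for k, v := range vals {
		if foldKeys {
			k = strings.ToLower(k)
		}
		args[k] = append(args[k], v...)
	}
	return args
}

// ruleFires models `SecRule ARGS:/keyRx/ "valueRx"`: select arguments whose key
// matches keyRx, then run the operator regex against each selected value.
func ruleFires(args map[string][]string, keyRx, valueRx *regexp.Regexp) bool {
	for k, vs := range args {
		if !keyRx.MatchString(k) {
			continue
		}
		for _, v := range vs {
			if valueRx.MatchString(v) {
				return true
			}
		}
	}
	return false
}

// evalIssueRule runs the rule from the report (key /^Key/, operator "my-value").
func evalIssueRule(rawQuery string, foldKeys bool) bool {
	return ruleFires(storeArgs(rawQuery, foldKeys), regexp.MustCompile(`^Key`), regexp.MustCompile(`my-value`))
}

func main() {
	q := "ID=123&Key=my-value" // query string from the report
	fmt.Println("keys lowercased:", evalIssueRule(q, true))  // false: request passes
	fmt.Println("keys preserved: ", evalIssueRule(q, false)) // true: request denied
}
```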