views: 20
answers: 2
We have security in our firewall to prevent SQL-Injection from destroying any of our content:

Name               Type       Context   Severity  Pattern
CS:select_into     signature  http-url  critical  .*\[select\].*\[into\].*
CS:select_from     signature  http-url  critical  .*\[select\].*\[from\].*
CS:insert_into     signature  http-url  critical  .*\[insert\].*\[into\].*
CS:drop_database   signature  http-url  critical  .*\[drop\].*\[database\].*
CS:drop_table      signature  http-url  critical  .*\[drop\].*\[table\].*
CS:delete_from     signature  http-url  critical  .*\[delete\].*\[from\].*
CS:drop_view       signature  http-url  critical  .*\[drop\].*\[view\].*
CS:exec            signature  http-url  critical  .*\[exec\].*(%28|\().*(%29|\)).*
CS:update_set      signature  http-url  critical  .*\[update\](%20|\+)(%20|\+|.)*\[set\].*

How can we adjust this so that it is possible to load the following files from one of our own URLs?

  • FileDropAreaIconsAndDescriptionsView.css
  • FileDropAreaIconsHorizontalView.css
  • FileDropAreaIconsView.css
  • FileDropAreaTableView.css

The files contain the words 'drop' and 'view', which makes the URL match the rules and get blocked. How can we change the regular expression so that, in this case, the filenames stated above pass this regex and are therefore not blocked?

+1  A: 

Add a white-space selector after the first word.
For example, .*\[drop\].*\[table\].*

might become: .*\[drop\]\s+.*\[table\].*

Assuming that the system accepts the standard \s flag for "any whitespace character".

Brock Adams
Thanks a lot for this ;).
Younes
You're welcome. Glad to help.
Brock Adams
A: 

How about adding spaces inside the regex patterns?

So change

.*\[drop\].*\[view\].*

to

.*\[drop\]\s+.*\[view\].*

... and so on.

Chetan
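Both answers propose the same change: require whitespace right after the first keyword. The following Python script is an added example, not code from the question or from either answer, that checks what that change does against the four CSS filenames from the question. It assumes that the firewall's `\[word\]` token behaves like a plain case-insensitive keyword in standard regex syntax (the firewall's actual pattern syntax is not documented on the page), and all sample URLs are constructed for the test.

```python
import re

# Constructed sample URLs (not from the original page): the four CSS files named in
# the question, plus two requests that the drop_view signature is meant to flag.
CSS_URLS = [
    "/static/FileDropAreaIconsAndDescriptionsView.css",
    "/static/FileDropAreaIconsHorizontalView.css",
    "/static/FileDropAreaIconsView.css",
    "/static/FileDropAreaTableView.css",
]
SUSPICIOUS_URLS = [
    "/search?q=drop%20view%20v1",   # space URL-encoded as %20
    "/search?q=drop+view+v1",       # space encoded as '+', as the page's update_set rule allows
]

# Assumption: the firewall's "\[word\]" token is rendered here as a bare keyword
# matched case-insensitively. Three variants of the CS:drop_view rule are compared.
RULES = {
    # original rule: anything may sit between the keywords, so 'FileDropAreaTableView' matches
    "original":    r".*drop.*view.*",
    # the answers' suggestion: literal whitespace must follow the first keyword
    "whitespace":  r".*drop\s+.*view.*",
    # same idea, but also accepting the URL encodings of a space that CS:update_set uses
    "url_encoded": r".*drop(%20|\+|\s)+.*view.*",
}


def matches(rule_name, url):
    """True if the whole URL matches the named rule, ignoring case."""
    return re.fullmatch(RULES[rule_name], url, flags=re.IGNORECASE) is not None


def evaluate(rule_name):
    """Return (false_positives, detections): CSS files blocked, suspicious URLs flagged."""
    false_positives = [u for u in CSS_URLS if matches(rule_name, u)]
    detections = [u for u in SUSPICIOUS_URLS if matches(rule_name, u)]
    return false_positives, detections


if __name__ == "__main__":
    for name in RULES:
        fp, tp = evaluate(name)
        print(f"{name:12s} blocks {len(fp)}/{len(CSS_URLS)} CSS files, "
              f"flags {len(tp)}/{len(SUSPICIOUS_URLS)} suspicious URLs")
```

The "whitespace" variant does stop blocking the four stylesheets, but in the sample run it also stops flagging the two suspicious URLs: a space in a URL normally arrives as `%20` or `+`, not as a literal whitespace character, which is exactly what the page's own CS:update_set rule accounts for with `(%20|\+)`. The "url_encoded" variant keeps the false positives at zero while still matching the encoded forms. Before deploying either change, verify it in the firewall's own pattern syntax against both the benign filenames and the encoded forms, since `\s` may not mean the same thing there as it does in Python.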