Firewall blocking files using Reg_Ex needs to be adjusted

Question

We have security in our firewall to prevent SQL-Injection from destroying any of our content:

Name
 Type
 Context
 Severity
 Pattern
 Configure

CS:select_into
 signature
 http-url
 critical
 .*\[select\].*\[into\].*
 Edit
 Remove

CS:select_from
 signature
 http-url
 critical
 .*\[select\].*\[from\].*
 Edit
 Remove

CS:insert_into
 signature
 http-url
 critical
 .*\[insert\].*\[into\].*
 Edit
 Remove

CS:drop_database
 signature
 http-url
 critical
 .*\[drop\].*\[database\].*
 Edit
 Remove

CS:drop_table
 signature
 http-url
 critical
 .*\[drop\].*\[table\].*
 Edit
 Remove

CS:delete_from
 signature
 http-url
 critical
 .*\[delete\].*\[from\].*
 Edit
 Remove

CS:drop_view
 signature
 http-url
 critical
 .*\[drop\].*\[view\].*
 Edit
 Remove

CS:exec
 signature
 http-url
 critical
 .*\[exec\].*(%28|\().*(%29|\)).*
 Edit
 Remove

CS:update_set
 signature
 http-url
 critical
 .*\[update\](%20|\+)(%20|\+|.)*\[set\].*
 Edit
 Remove

How can we adjust this so that from one of our own URL's it is possible to load the following files?

• FileDropAreaIconsAndDescriptionsView.css

• FileDropAreaIconsHorizontalView.css

• FileDropAreaIconsView.css

• FileDropAreaTableView.css

De files contain the words 'drop' and 'view' and this makes the url to comply with the rules to be blocked. How can we chenge the regular expression in a way that in this case with the filenames stated above will pass this regex and therefore will not be blocked?

Answer 1

Add a white-space selector after the first word.
For example, .*\[drop\].*\[table\].* .

Might become: .*\[drop\]\s+.*\[table\].*

Assuming that the system accepts the standard \s flag for "any whitespace character".

Answer 2

How about adding spaces inside the regex patterns?

So change

.*\[drop\].*\[view\].*

to

.*\[drop\]\s+.*\[view\].*

... and so on.