Fix 920440 "URL file extension is restricted by policy" regex


_Issue for tracking original pull request created by user theMiddleBlue on date 2019-01-28 09:58:27. Link to original PR: https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1297._

HEAD is: 03b0b408b5032f7fda3697475cf408df2f32bf70

BASE is: 4ad894096c4100a8a3813b24cd47d51ac8d50cbd

Referring to #1296, this fixes the 920440 regex to \.[^\.]+$, preventing it from matching something like .com.sql instead of .sql.
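The mismatch this pull request addresses, shown as an added example that is not part of the original PR or of the CRS code base: a simplified Python model of a rule that extracts an extension from the URL basename and compares it with a policy list. The old pattern is the one quoted from issue #1296; the policy list, sample basenames and helper names are constructed for illustration.

```python
import re

# Patterns as quoted on this page: the earlier one from issue #1296,
# the replacement from this pull request.
OLD_RX = re.compile(r"\.(.*)$")
NEW_RX = re.compile(r"\.[^\.]+$")

# Constructed sample policy (assumption); a real deployment sets its own list.
RESTRICTED = {".sql", ".bak", ".ini", ".log"}


def extension(rx, basename):
    """Return the text the pattern treats as the file extension, or None."""
    m = rx.search(basename)
    return m.group(0).lower() if m else None


def is_restricted(rx, basename):
    """Simplified model of the rule: extract, then compare with the policy."""
    return extension(rx, basename) in RESTRICTED


# Constructed basenames (last path segment of the requested URL).
SAMPLES = ["dump.sql", "site.example.com.sql", "archive.tar.bak",
           "index.html", "README", "v1.2.3"]


def compare(samples=SAMPLES):
    """Rows of (basename, old extraction, old verdict, new extraction, new verdict)."""
    return [(s, extension(OLD_RX, s), is_restricted(OLD_RX, s),
             extension(NEW_RX, s), is_restricted(NEW_RX, s)) for s in samples]


if __name__ == "__main__":
    for row in compare():
        print("{:<22} old={!s:<18} blocked={!s:<5} new={!s:<6} blocked={}".format(*row))
```

The old pattern starts matching at the first dot in the basename, so a multi-dot name yields a string that is not in the policy list and the restricted file is not flagged; the new pattern only ever returns the final dot-delimited segment.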

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5

Top GitHub Comments

1 reaction
CRS-migration-bot commented, May 13, 2020

User theMiddleBlue commented on date 2019-01-28 16:17:20:

fgsch, I think I’m done with the rebase. Could you check if it’s ok?

1 reaction
CRS-migration-bot commented, May 13, 2020

User theMiddleBlue commented on date 2019-01-28 11:06:20:

Thanks fgsch, I'll try to commit it without the escape.


Top Results From Across the Web

Bug on 920440 restricted extension · Issue #1296 - GitHub
There's a problem on the 920440 regex. This rule uses \.(.*)$ for matching file extensions like .sql. The problem is that it doesn't...