[Varnish] #1121: Escaped double quote mark within a regex is not recognized
Varnish
varnish-bugs at varnish-cache.org
Tue Apr 3 08:40:14 CEST 2012
#1121: Escaped double quote mark within a regex is not recognized
----------------------+-----------------------------------------------------
 Reporter:  gnotaras  |        Type:  defect
   Status:  new       |    Priority:  normal
Milestone:            |   Component:  build
  Version:  3.0.2     |    Severity:  normal
 Keywords:            |
----------------------+-----------------------------------------------------
I tried to use the following check (taken from mod_security's core
ruleset) to detect command injection attacks. The VCL compiler throws an
error.
default.vcl:
{{{
if (req.url ~
"(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"\|\;\`\-\s]|$))") {
error 403 "Forbidden";
}
}}}
VCL compiler error:
{{{
# varnishd -f default.vcl -d
Message from VCC-compiler:
Syntax error at
('input' Line 124 Pos 72)
if (req.url ~
"(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"\|\;\`\-\s]|$))") {
-----------------------------------------------------------------------#------------------
Running VCC-compiler failed, exit 1
VCL compilation failed
}}}
If I remove the escaped double quote from within the regex, the rule
becomes:
{{{
req.url ~
"(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\|\;\`\-\s]|$))"
}}}
And the VCL compiler validates it properly without errors.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1121>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
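
Added example, not part of the original ticket or of Varnish: a Python check that writing the double quote as the hex escape `\x22`, which leaves no `"` character inside the VCL string, keeps every match of the rule as posted, while the version with the quote dropped loses one. It assumes the regex engine behind VCL accepts `\x22` the way PCRE does and uses Python's `re` as a stand-in; the sample URLs and the function names are constructed for illustration.

```python
import re

# Pattern exactly as posted in the ticket; the VCL compiler stops at the \" in it.
ORIGINAL = r"""(?:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"\|\;\`\-\s]|$))"""
# The reporter's second version: the double quote removed from the character class.
DROPPED = ORIGINAL.replace(r'\"', '')
# Candidate rewrite (assumption): the quote written as the hex escape \x22.
HEX_ESCAPED = ORIGINAL.replace(r'\"', r'\x22')

# Constructed sample request URLs, covering each branch of the rule plus two
# benign paths that merely contain "cc".
SAMPLE_URLS = [
    '/cgi-bin/cc"x',       # "/cc" followed by a double quote
    '/tools/cc',           # "/cc" at end of URL
    '/get?u=a;cc',         # separator followed by "cc"
    '/mirror?via=wget',    # bare "wget" word
    '/docs/account',       # benign
    '/accent/cctv',        # benign
]


def matched(pattern, urls=SAMPLE_URLS):
    """Return the URLs the pattern flags, in input order."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.search(u)]


def lost_coverage(candidate, reference=ORIGINAL, urls=SAMPLE_URLS):
    """Return URLs the reference rule flags but the candidate rule misses."""
    hits = set(matched(candidate, urls))
    return [u for u in matched(reference, urls) if u not in hits]


if __name__ == "__main__":
    for name, pattern in (("dropped", DROPPED), ("hex-escaped", HEX_ESCAPED)):
        print(name, "contains a double quote:", '"' in pattern)
        print(name, "misses:", lost_coverage(pattern))
```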