p0pr0ck5 / lua-resty-waf

High-performance WAF built on the OpenResty stack
GNU General Public License v3.0

Support for multi ignore_regex #242

Closed qleein closed 7 years ago

qleein commented 7 years ago

How do I write the rule config when I meet the rule below, from owasp-modsecurity-crs?

```
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/
```

If I use modsec2lua-resty-waf.pl to convert it, the result is obviously wrong.


```
"vars": [
    {
        "parse": {
            "values": 1
        },
        "type": "COOKIES"
    },
    {
        "parse": {
            "ignore_regex": "__utm"
        },
        "type": "COOKIES"
    },
    {
        "parse": {
            "ignore_regex": "_pk_ref"
        },
        "type": "COOKIES"
    },
```

p0pr0ck5 commented 7 years ago

Hi,

Sorry for the delayed response, I thought I left a response but I don't see it here. Can you please let me know what specifically you see wrong here?

qleein commented 7 years ago

If the first var matches, the two "ignore_regex" rules would be ignored. In the function _process_rule in waf.lua, when there is a match, the whole loop breaks.

```lua
for k, v in pairs(vars) do
    -- ...
    if match then
        -- ...
        break
    end
end
```

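
A simplified, standalone model of the evaluation order described above, added here as an illustration (it is not code from lua-resty-waf or from either commenter). The names `collect`, `any_match`, `eval_split` and `eval_merged` are hypothetical, and Lua patterns stand in for the module's regex matching; the sample cookies are constructed. It compares the converter's three independent vars against a single collection with both exclusions applied.

```lua
-- Simplified model of the behaviour discussed in this thread.
-- All function names are hypothetical, not lua-resty-waf's API.
-- Lua patterns stand in for the regex matching the real module uses.

-- Return cookie values, skipping names that match any pattern in `ignores`.
local function collect(cookies, ignores)
    local out = {}
    for name, value in pairs(cookies) do
        local skip = false
        for _, pat in ipairs(ignores) do
            if name:find(pat) then skip = true; break end
        end
        if not skip then out[#out + 1] = value end
    end
    return out
end

-- True if any collected value contains the rule pattern.
local function any_match(values, pattern)
    for _, v in ipairs(values) do
        if v:find(pattern) then return true end
    end
    return false
end

-- Converter output: three independent vars, evaluation stops at first match.
local function eval_split(cookies, pattern)
    local vars = { {}, { "__utm" }, { "_pk_ref" } }  -- ignore list per var
    for _, ignores in ipairs(vars) do
        if any_match(collect(cookies, ignores), pattern) then
            return true  -- mirrors the `break`: later vars never run
        end
    end
    return false
end

-- Intended CRS semantics: one collection with both exclusions applied.
local function eval_merged(cookies, pattern)
    return any_match(collect(cookies, { "__utm", "_pk_ref" }), pattern)
end

-- Constructed sample: only the excluded analytics cookie holds the marker.
local cookies = { __utmz = "x-MARKER-x", session = "abc123" }

print("split vars matched:", eval_split(cookies, "MARKER"))
print("merged var matched:", eval_merged(cookies, "MARKER"))
```
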
p0pr0ck5 commented 7 years ago

Ah, yes. There are a few changes that need to be made here:

Thanks for the report!

p0pr0ck5 commented 7 years ago

Hi @qlee001,

This should be resolved on the development branch. Please let me know if you run into trouble with this and I'll re-open this issue. Thanks!