p0pr0ck5 / lua-resty-waf

High-performance WAF built on the OpenResty stack
GNU General Public License v3.0

All regexes need to be case-insensitive #298

Closed chupacabra007 closed 6 years ago

chupacabra007 commented 6 years ago

I try to filter all XSS from this list, using lua-resty-waf, but see that some requests are not filtered, because they have capital letters in them. For example, this type of request won't be filtered:

http://localhost/test/?a=<A HREF="http://1113982867/">XSS</A>

while this will be filtered:

http://localhost/test/?a=<a href="http://1113982867/">XSS</A>

p0pr0ck5 commented 6 years ago

Hi,

Apologies for the delayed response. Since regular expressions can be defined with the (?i) modifier, it is up to the rule author to write rules with respect to case sensitivity. Thank you!
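
An added example, not part of the original thread and not lua-resty-waf code: a regression check a rule author can run to find patterns that match a payload in one letter case but miss it in another, using the two query values from the issue. The rule names and patterns are constructed for illustration, and Python's `re` module is assumed to stand in for the PCRE engine behind OpenResty; a leading `(?i)` behaves the same way for these patterns.

```python
import re

# Constructed sample rules; not taken from any lua-resty-waf ruleset.
RULES = {
    "anchor-href-sensitive": r"<a\s+href\s*=",
    "anchor-href-insensitive": r"(?i)<a\s+href\s*=",
}

# The two query-string values quoted in the issue.
SAMPLES = [
    '<A HREF="http://1113982867/">XSS</A>',
    '<a href="http://1113982867/">XSS</A>',
]


def case_variants(value):
    """Original, lower-case, upper-case and case-swapped forms of a payload."""
    return {value, value.lower(), value.upper(), value.swapcase()}


def audit_rule(pattern, samples):
    """Return the case variants a rule misses although it matches the same
    payload in some other letter case (a sign it lacks the (?i) modifier)."""
    compiled = re.compile(pattern)
    missed = set()
    for sample in samples:
        variants = case_variants(sample)
        hits = {v for v in variants if compiled.search(v)}
        if hits:  # only payloads the rule is meant to catch
            missed |= variants - hits
    return sorted(missed)


def audit(rules, samples):
    """Map each rule name to the list of case variants it fails to match."""
    return {name: audit_rule(pattern, samples) for name, pattern in rules.items()}


if __name__ == "__main__":
    for name, missed in audit(RULES, SAMPLES).items():
        status = "OK" if not missed else "case-sensitive, misses %d variant(s)" % len(missed)
        print("%-26s %s" % (name, status))
        for value in missed:
            print("    " + value)
```
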