I'm having trouble matching whitespace in rules. I want to do this so that I
can match "delete " but not "delete.gif". I've tried " ", "\ ", "\s" and
"[space:]" without success. I cannot get naxsi to block "delete " but not
"deletex".
Interestingly, if I specify a rx of "delet[a|e]te" I match both "delete" and
"delate", so rx works in general.
The rule I'm trying to modify is the standard
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
I'm running CentOS 6.4 i386 in a VM, nginx 1.5.2 and naxsi 0.49.
Thanks in Advance,
Mike
Original issue reported on code.google.com by asifyouc...@gmail.com on 25 Jul 2013 at 9:17
If your request is
login=%3Cimg src
everything is fine, but for login=%3Cimg+src it will not work.
So you need to add "+" as space. But it looks like a naxsi bug.
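The "+" versus "%20" behaviour described in the comment above, as an added example that is not part of the original thread. Python's re module stands in for naxsi's regex matching, and the decoding step (%XX decoded, "+" left as a literal plus) is an assumption taken from that comment, not confirmed naxsi behaviour; the sample requests are constructed.

```python
import re
from urllib.parse import unquote

# Keyword list copied from the rx: part of MainRule id:1000 quoted in the thread.
KEYWORDS = "select|union|update|delete|insert|table|from|ascii|hex|unhex|drop"

# Rule as posted: a keyword anywhere in the value.
ORIGINAL = re.compile(KEYWORDS)
# Keyword followed by a literal space only.
SPACE_ONLY = re.compile(rf"(?:{KEYWORDS}) ")
# Keyword followed by a space or by '+', the form-encoded spelling of a space.
SPACE_OR_PLUS = re.compile(rf"(?:{KEYWORDS})[ +]")


def inspected_value(raw: str) -> str:
    """Assumed view of the value the rule sees: %XX is decoded, '+' is not.

    urllib.parse.unquote() behaves exactly this way (unquote_plus() would
    also turn '+' into a space, which is what the comment says is missing).
    """
    return unquote(raw)


def matches(pattern: re.Pattern, raw: str) -> bool:
    return pattern.search(inspected_value(raw)) is not None


# Constructed sample request arguments.
SAMPLES = [
    "action=delete%20from",  # space sent as %20
    "action=delete+from",    # space sent as '+'
    "img=delete.gif",        # benign: keyword followed by '.'
    "name=deletex",          # benign: keyword followed by a letter
]

if __name__ == "__main__":
    print(f"{'value':24} original space-only space-or-plus")
    for raw in SAMPLES:
        row = [matches(p, raw) for p in (ORIGINAL, SPACE_ONLY, SPACE_OR_PLUS)]
        print(f"{raw:24} {row[0]!s:8} {row[1]!s:10} {row[2]!s}")
```

The character class `[ +]` blocks both encodings of "delete " while leaving "delete.gif" and "deletex" alone; a keyword followed by a tab or newline would still need its own alternative.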