| |||||||||||||
|
| |||||||||||||
An updated Apache DOS advisoryAn updated Apache DOS advisoryPosted Aug 26, 2011 19:01 UTC (Fri) by cesarb (subscriber, #6266)In reply to: An updated Apache DOS advisory by nkiesel Parent article: An updated Apache DOS advisory
As to
> Should the regexp not be (?:,.*?){5,} instead of (?:,.*?){5,5} so that it matches 5 or more ranges and not just exactly 5?
It depends on whether the regex is anchored or not. If it is not anchored to the start and the end of the string, it will match on any sequence of exactly 5 ranges within the header, even if it has more.[*]
From the examples at https://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#s..., it seems the regex is not anchored (some of the examples there anchor it explicitly).
[*] Actually, if I am reading it right, it should match whenever there are at least _6_ ranges, since it will ignore the first one because it is not preceded by a comma.
(Log in to post comments)
|
|
||||||||||||