ModSecurity for web-application firewalls

Posted Dec 17, 2016 4:50 UTC (Sat) by dune73 (guest, #17225)
In reply to: ModSecurity for web-application firewalls by smurf
Parent article: ModSecurity for web-application firewalls

Sure thing. It's a simple example with a simple regex.

The real-world rules for free text fields are a bit more complex.


ModSecurity for web-application firewalls

Posted Dec 17, 2016 11:15 UTC (Sat) by anselm (subscriber, #2796)

Actually, people may not even have surnames. Fortunately the original regex takes that into account; let's hope that the actual application does, too.

ModSecurity for web-application firewalls

Posted Dec 18, 2016 4:57 UTC (Sun) by dune73 (guest, #17225)

It is tempting to do the full input validation via ModSecurity rules. But the client and the application are in a much better position to do so.

Not having a surname is a typical example. It's up to the application to decide what to do with such a registration. ModSecurity should concentrate on security and leave people without a surname alone.
