Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Adopt the undocumented unconditionalMatch operator

See original GitHub issue

_Issue originally created by user dune73 on date 2016-08-26 16:53:39. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/554._

The undocumented operator @unconditionalMatch does exactly what you expect it to do.

Example Use:

SecRule REMOTE_ADDR "@unconditionalMatch" "id:1000,phase:1,pass,nolog,t:hexEncode,setvar:TX.ip_hash=%{MATCHED_VAR}"

We do empty regex matches quite a lot in situations similar to the example above. This means we match @rx . or something of the sort in order to fill %{MATCHED_VAR}. And this brings a substantial overhead, which can be avoided by the use of @unconditionalMatch.

Furthermore, I have a feeling it will - when combined with chain - allow for new rule constructs of the following form:

SecRule ARGS "@rx test" "id:1000,phase:1,pass,log,chain"
   SecRule MATCHED_VARS_NAME "@unconditionalMatch" "setvar:..."

I need to think about this some more, but this could potentially bring solutions to the problem, that the rule chains first loop over all ARGS of the first rule and then loop over the 2nd rule with all matched vars (instead of the 2nd rule immediately after the first match). This “first rule loop first” results in the 2nd rule not knowing which ARGS it is working on. unconditionalMatch might help. Or maybe not.

Issue Analytics

State:
Created 3 years ago
Comments:9

Top GitHub Comments

1reaction

CRS-migration-botcommented, May 13, 2020

User lifeforms commented on date 2016-08-27 09:25:44:

A small, localized party is in order.

1reaction

CRS-migration-botcommented, May 13, 2020

User dune73 commented on date 2016-08-27 03:18:24:

It is funny, I wanted to have this operator for several weeks now and was thinking about doing a feature request.

Then yesterday as I was reading the debug_log I saw it displayed during the execution of SecAction. It seems this is used to implement SecAction via SecRule.

Then I googled it and found it is used by Ivan in the performance chapter in a recipe on page 192. (Actually next to @noMatch but I did not notice this yesterday. Thanks for pointing this out).

Somehow it felt like a x-mas gift or an archaeological discovery. 😉

Top Results From Across the Web

Adopt the undocumented unconditionalMatch operator #554

This means we match @rx . or something of the sort in order to fill %{MATCHED_VAR} . And this brings a substantial overhead,...

Adopt an Undocumented "Illegal" Immigrant and Get a ...

It is possible for a U.S. citizen to adopt an undocumented "illegal" immigrant child, and obtain permanent U.S. residency. Here are the key...

LIFE AFTER COLLEGE: A GUIDE FOR UNDOCUMENTED ...

Students are matched based on preferences by the. National Resident Matching Program (NRMP) to ensure that applicants have a residency program appointment.

Exhibit B

homelessness developed through the Homeless Initiative adopted by the Board. ... funded project, its objectives, status, and outcomes, any matching funds ...

Immigration Options for Undocumented Immigrant Children

If the conditional permanent resident does this successfully, they will become a lawful permanent resident (have a regular, unconditional “green card”).