Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fix 920440 "URL file extension is restricted by policy" regex

See original GitHub issue

_Issue for tracking original pull request created by user theMiddleBlue on date 2019-01-28 09:58:27. Link to original PR: https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1297._

HEAD is: 03b0b408b5032f7fda3697475cf408df2f32bf70 BASE is: 4ad894096c4100a8a3813b24cd47d51ac8d50cbd Referring to #1296 this fix the 920440 regex to \.[^\.]+$ preventing to make it match something like .com.sql instead of .sql.

Issue Analytics

State:
Created 3 years ago
Comments:5

Top GitHub Comments

1reaction

CRS-migration-botcommented, May 13, 2020

User theMiddleBlue commented on date 2019-01-28 16:17:20:

fgsch I think I’ve done with rebase. Could you check if it’s ok?

1reaction

CRS-migration-botcommented, May 13, 2020

User theMiddleBlue commented on date 2019-01-28 11:06:20:

thanks fgsch I try to commit it without escape

Top Results From Across the Web

Bug on 920440 restricted extension · Issue #1296 - GitHub

There's a problem on the 920440 regex. This rule uses \.(.*)$ for matching file extensions like .sql. The problem is that it doesn't...

[Owasp-modsecurity-core-rule-set] Issues with tx ...

Im having some issues with some of my requests being blocked based on extension , I do not have .php or .html on...

WAF Rule - File Extension to be blocked - Kemp Support

1- Disable the Rule 920440 from that VS and allow all extensions · 2 - Create an equivalent rules to allow the file...

CRS rule groups and rules - Azure Web Application Firewall

920440, URL file extension is restricted by policy. 920450, HTTP header is restricted by policy (%{MATCHED_VAR}).

Including OWASP ModSecurity Core Rule Set - netnea

ModSecurity Core Rule Set Inclusion Include /apache/conf/crs/rules/*.conf ... 224 920440 URL file extension is restricted by policy 245 941110 XSS Filter ...