Hi Jaired,
Thanks for trying :)
Unfortunately, it doesn't block.
Your signature should have blocked the request if I put anything that is not letters (upper or lowercase)
But, it didn't block non-letters chars.
On the other hand, when I put letters, it didn't block too - which is good.
It's interesting since I checked your regex in regex101 and the syntax looks correct
but from some unknown reason, the SecureSphere WAF didn't block non-letters requests.
------------------------------
Noam Rotter
Security Engineer
Jerusalem
------------------------------
Original Message:
Sent: 03-22-2022 09:32
From: Jaired Anderson
Subject: Regular expression in signatures - negation
Hi Noam,
Give the following Regex a try. Please test this in a nonproduction environment first.
^.*(?![A-Za-z]).+$
Original Message:
Sent: 03-22-2022 03:35
From: Noam Rotter
Subject: Regular expression in signatures - negation
Hi all,
I am trying to create a custom signature which defines what is allowed rather than what's not allowed.
For example, for this URI: /user_login.asp?user=
For the parameter user I want to allow only [a-z] letters.
How do I do that in regular expression?
This is how to block [a-z]:
Part="user_login.asp", part="user", rgxp="user=\s*[a-z]"
How do I change the signature to allow only [a-z] ?
Thanks,
Noam.
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Noam Rotter
Security Engineer
Jerusalem
------------------------------