Regular expressions

Hi I want to write a regular expression to search SQL Injection.

For example
‘123) ORDER BY 1-- KhUB’)])
‘123) ORDER BY 1435-- SQlQ’)])
‘123) ORDER BY 1-- wIYj’)])
‘123) ORDER BY 3116-- AdZB’)])
‘123)) ORDER BY 1-- NCMu’)])

I did
acl sql_injection path_reg -m reg -i .*ORDER\s+BY\s*(-?\d+)(--|\#)?.*

but it doesn’t work for me, I don’t understand why in regextester I checked everything and it finds everything,
PCRE2 library supports JIT : yes

Do I understand correctly that PCRE2 language is for regulars?
Please help me

Do not use -m reg when you are already using path_reg, which implies regular expressions.

Yes, but if you remove -m, it still doesn’t work. (

I think it is very unlikely that you want to look for SQL injection in the path only. Please read section 7.3.6 in the configuration manual:

You are probably looking for the query or the entire URL, so maybe some of those:

acl sql_injection query -m reg -i ...
acl sql_injection pathq -m reg -i ...
acl sql_injection url -m reg -i ...

I tried as you said, but it all doesn’t work I can’t understand why either I’m not writing the regular expression correctly or the problem is something else, that’s why I turned to the community

Start with something simple.

acl sql_injection pathq -m reg -i blockme

then check if it works:

curl -vv http://server/blockme

Increase configuration complexity only when the previous, simple configuration works.

If you start with the most complicated configuration first you will obviously have a hard time troubleshooting.