Hi I want to write a regular expression to search SQL Injection.
For example
‘123) ORDER BY 1-- KhUB’)])
‘123) ORDER BY 1435-- SQlQ’)])
‘123) ORDER BY 1-- wIYj’)])
‘123) ORDER BY 3116-- AdZB’)])
‘123)) ORDER BY 1-- NCMu’)])
I did
acl sql_injection path_reg -m reg -i .*ORDER\s+BY\s*(-?\d+)(--|\#)?.*
but it doesn’t work for me, I don’t understand why in regextester I checked everything and it finds everything,
PCRE2 library supports JIT : yes
Do I understand correctly that PCRE2 language is for regulars?
Please help me
Do not use -m reg when you are already using path_reg, which implies regular expressions.
Yes, but if you remove -m, it still doesn’t work. (
I think it is very unlikely that you want to look for SQL injection in the path only. Please read section 7.3.6 in the configuration manual:
http://docs.haproxy.org/2.8/configuration.html#7.3.6
You are probably looking for the query or the entire URL, so maybe some of those:
acl sql_injection query -m reg -i ...
acl sql_injection pathq -m reg -i ...
acl sql_injection url -m reg -i ...
I tried as you said, but it all doesn’t work I can’t understand why either I’m not writing the regular expression correctly or the problem is something else, that’s why I turned to the community
Start with something simple.
acl sql_injection pathq -m reg -i blockme
then check if it works:
curl -vv http://server/blockme
Increase configuration complexity only when the previous, simple configuration works.
If you start with the most complicated configuration first you will obviously have a hard time troubleshooting.