Firewall rule to match specific query string parameter using regex – Security
I’m trying to create a firewall rule that triggers a challenge based on the presence of a URL parameter in the query string. While I can create a regex that matches the specific param=value portion of the query string, I can’t seem to get the regex to match the entire query string.
I want to challenge any request that has myparam=1234 in the URL (4 digits for the value). myparam=12345 would not be challenged. I have a rule that handles this if the matched param+value is the only thing in the query string. But if my query string is myparam=1324&otherparam=abc or foo=bar&myparam=1234, then the pattern doesn’t match. Here’s my pattern:
(W|^)myparam=[0-9]{4}(W|$)
I’ve tried adding “” and “.” to the beginning and end in various places, but it basically gets ignored.
Anyone have a suggestion as to how to properly handle a wildcard for preceding and trailing params?
Thanks!
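One way to bound the parameter with explicit delimiters (start of string or & before it, & or end of string after it), checked against the query strings from the question. This is an added example, not part of the original post; it uses Python's re semantics, and the assumption that the firewall's regex operator searches unanchored, the function names and the extra sample strings are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# The parameter must start the query string or follow '&', and its
# four-digit value must be followed by '&' or the end of the string.
PARAM_RE = re.compile(r"(?:^|&)myparam=[0-9]{4}(?:&|$)")


def matches_raw(query: str) -> bool:
    """Unanchored search over the raw query string (assumed rule behaviour)."""
    return PARAM_RE.search(query) is not None


def matches_parsed(query: str) -> bool:
    """Same decision made on parsed key/value pairs instead of the raw string."""
    return any(
        key == "myparam" and re.fullmatch(r"[0-9]{4}", value) is not None
        for key, value in parse_qsl(query, keep_blank_values=True)
    )


# Constructed sample query strings; True means the request should be challenged.
SAMPLES = {
    "myparam=1234": True,
    "myparam=1324&otherparam=abc": True,
    "foo=bar&myparam=1234": True,
    "foo=bar&myparam=1234&baz=1": True,
    "myparam=12345": False,      # five digits: not challenged
    "myparam=123": False,        # three digits
    "notmyparam=1234": False,    # different parameter name with the same suffix
    "foo=bar&myparam=12a4": False,
}


def check_samples() -> dict:
    """Return {query: (raw_result, parsed_result)} for every sample."""
    return {q: (matches_raw(q), matches_parsed(q)) for q in SAMPLES}


if __name__ == "__main__":
    for query, (raw, parsed) in check_samples().items():
        print(f"{query!r:32} raw={raw} parsed={parsed} expected={SAMPLES[query]}")
```

Regex dialects differ between firewall products, so the pattern should be confirmed in the rule tester of the product in use before it is deployed.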