Firewall rule to match specific query string parameter using regex – Security

I’m trying to create a firewall rule that triggers a challenge based on the presence of a URL parameter in the query string. While I can create a regex that matches the specific param=value portion of the query string, I can’t seem to get the regex to match the entire query string.

I want to challenge any request that has myparam=1234 in the URL (4 digits for the value). myparam=12345 would not be challenged. I have a rule that handles this if the matched param+value is the only thing in the query sting. But if my query string is myparam=1324&otherparam=abc or foo=bar&myparam=1234, then the pattern doesn’t match. Here’s my pattern:

(W|^)myparam=[0-9]{4}(W|$)

I’ve tried adding “” and “.” to the beginning and end in various places, but it basically gets ignored.

Anyone have a suggestion as to how to properly handle a wildcard for preceding and trailing params?

Thanks!

Read more here: Source link