Welcome! Log In Create A New Profile

Advanced

Re: Strange rewrite_by_lua outcome

Tim Mensch
October 17, 2011 01:04AM
On 10/16/2011 10:50 PM, Nginx User wrote:
>
> BTW this works fine even though it has "\":
>
> local query_string = ngx.re.match(ngx.var.request_uri,
> "((php|sql)-?my-?admin/|my-?(php|sql)-?admin|(php|sql)-?manager)|(_vpi|xAou6|db_name|clientrequest|option_value|sys_cpanel|db_connect|doeditconfig|check_proxy|system_user|spaw2|prx2|thisdoesnotexist|proxyjudge1|ImpEvData|proxydeny|base64|crossdomain|localhost|wwwroot|mosconfig|scanner|proc/self/environ)|\.(outcontrol|rdf|XMLHTTP|cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar|inc|dll)|(/admin/sqlpatch\.php/password_forgotten\.php\?action=execute)|etc/passwd|/manager/html","io")

You're just doing "\." in that line. If Nginx strips that "\", then it
ends up in Lua as ".", which changes the meaning but will happen to work
in most cases (though it would match sqlpatch_php and other similar
strings, and not just sqlpatch.php, since the "." will be the wildcard).

Tim
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Strange rewrite_by_lua outcome

Nginx User October 16, 2011 04:12PM

Re: Strange rewrite_by_lua outcome

agentzh October 16, 2011 08:56PM

Re: Strange rewrite_by_lua outcome

Nginx User October 17, 2011 12:48AM

Re: Strange rewrite_by_lua outcome

Nginx User October 17, 2011 12:52AM

Re: Strange rewrite_by_lua outcome

Tim Mensch October 17, 2011 01:04AM

Re: Strange rewrite_by_lua outcome

Nginx User October 17, 2011 12:34PM

Re: Strange rewrite_by_lua outcome

Tim Mensch October 17, 2011 01:46PM

Re: Strange rewrite_by_lua outcome

Nginx User October 17, 2011 01:56PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 119
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready