github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-16 08:27:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added fuzzyHash operator.

zimmerle
2014-09-10 07:11:01 -07:00
parent 6a43f39cf4
commit 8e8bd69869
1 changed files with 4117 additions and 4105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Reference-Manual.mediawiki → Reference Manual.mediawiki

@@ -3557,6 +3557,18 @@ SecRule REQUEST_BODY "\@detectXSS" "id:12345,log,deny"
SecRule REQUEST_LINE "!@endsWith HTTP/1.1" "id:152" SecRule REQUEST_LINE "!@endsWith HTTP/1.1" "id:152"
</pre> </pre>
== fuzzyHash ==
'''Description:''' The fuzzyHash operator uses the ssdeep, which is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
For further information on ssdeeep, visit its site: http://ssdeep.sourceforge.net/
'''Version:''' Will be part of ModSecurity v2.8.1. Currently in development branches.
'''Example:'''
<pre>
SecRule REQUEST_BODY "\@fuzzyHash /path/to/ssdeep/hashes.txt 6" "id:192372,log,deny"
</pre>
== eq == == eq ==
'''Description:''' Performs numerical comparison and returns true if the input value is equal to the provided parameter. Macro expansion is performed on the parameter string before comparison. '''Description:''' Performs numerical comparison and returns true if the input value is equal to the provided parameter. Macro expansion is performed on the parameter string before comparison.