block php file access (using mod_sec) - mod-security

How can i block all access to a php file using mod_sec?
The file name has the form: sm6#.php, being # a random digit.

You can do it with a simple single rule such as:
SecRule REQUEST_LINE "#rx sm6[0-9]{1,}\.php" \
"phase:2,block,severity:2,msg:'Blocking access to sm6#.php files.'"
In this case, the {1,} means at least 1 digit (after the number 6) in the filename. You could change it to 2, 3, 4, or even 100 if you wanted to. Or restrict it to minimum 2 digits and maximum 6 digits using {2,6}. It uses PCRE pattern matching, so it's up to you!

SecRule REQUEST_FILENAME "sm6\d+\.php" "phase:1,block,severity:2,msg:'Blocking access to sm6#.php files.'"

Don't you think mod_sec is overpowered for this?
Just use .htaccess.

Related

Regex equal to or high than 125233000

I need a regex (for Google Analytics) that matches this number and any numbers higher: 125,233,000.
My regex skills are non-existent so big thanks in advance for the help.
A regular expression feels like the wrong way to to this, but something like this might work:
12523[3-9]\d{3}|1252[4-9]\d{4}|125[3-9]\d{5}|12[6-9]\d{6}|1[3-9]\d{7}|[2-9]\d{8}|\d{10,}
Here is a visualization of what this pattern is doing: Regexper
The overall expression is made up of several smaller expressions that all follow the same general structure, separated by the | (the equivalent of "or"). Here's one as an example:
1252[4-9]\d{4}
Breaking this expression down:
1252 - match the string 1252 exactly
[4-9] - match 4, 5, 6, 7, 8, or 9
\d{4} - match any 4 numbers (0-9)
The final part of the overall pattern is \d{9,}, which matches any sequence of at least 9 numbers.

Regex Expression on 16-digit number

I am stuck on this regex problem.
A 16-digit credit card number, with the first digit being a 5 and the second digit being a 1, 2, 3, 4, or 5 (the rest of the digits can be anything).
so far I have ^4[1,5]\d{14} and I know I'm missing a lot of things but I dont know what I'm missing..
please help and thanks!
Look at the start of your regex:
^4[1,5]
That says that the number must start with 4 (not 5), and that the second character must be 1, a comma, or 5.
You want this instead (followed by the rest, of course):
^5[1-5]
Note the use of - rather than , to indicate a range of characters.
The full regex you're looking for is the following
^5[1-5]\d{14}$
Demo
Your error lays in the fact that you used 1,5 as a range but this will just match 1 , or 5 as characters. To use a range, the - is needed between the enclosings

regex: match multiple allowed lengths?

So I want to allow A-Z with a length of 8 or 12.
I tried:
^[a-z]{8|12}$
but that doesn't work. What's the correct solution? (without repeating)
You need to use alternation like this:
^([a-z]{8}|[a-z]{12})$
There is no other regex solution that would not involve repeating the [a-z] part. At least you do not have to repeat the ^ and $ anchors if you use a grouping construct.
Alternatively, you may use an optional group, but that is only good when your pattern is static. Actually, the difference is negligent (tested at regexhero):
I'd suggest this solution:
^([a-z]{4}){2,3}$
It means that the group [a-z] of length 4 has to match either 2 (total length: 8) or 3 (total length: 12) times. This way the set of allowed characters has to be defined only once.
As an alternative to the "exactly 8 or exactly 12" types of patterns, here's an "8 and maybe 4 more" type pattern:
^[a-z]{8}([a-z]{4})?$
Try this
^[a-z]{8}$|^[a-z]{12}$
The multiple length field option isn't there, you have to give them out separately including the regex

Trying to check input textbox for time

I have to make this overview of questions and the user has to be able to insert a time.
To do this I made 2 textboxes, 1 is for the hour input and 1 is for the minute input.
What I want to do now is check if the values aren't to high to be correct.
Example:
The hour value cant be higher than 23 and the minute cant be higher than 59.
What is the best method for checking this?
I've been thinking about if statements but maybe there is a much more efficient way to get this done?
Maybe regular expressions, although I wouldnt know a correct syntax for this matter.
Thanks in advance.
If it has to be a regex:
^(?:2[0-3]|[01]?[0-9])$
will validate the hour and
^[0-5]?[0-9]$
will validate the minute.
Explanation for the "Hours" regex: (you can figure out the minutes yourself easily):
^ # Match start of string
(?: # Match either...
2[0-3] # 2, followed by 0, 1, 2 or 3,
| # or...
[01]? # 0 or 1 (optional; the empty string is OK, too), followed by
[0-9] # any digit
) # End of group
$ # Match end of string
If statements are definitely the way to go. There's no reason to use a regular expression for something so simple... it's like using a sledgehammer to place a small nail into a wall. If statements are also very efficient and easy to read... there's no reason to use regex for what you're doing.

Simple phone regex

I want a regex that checks the following things:
The string starts with an +
After the '+' only numbers can occur
There should be atleast 4 numbers after the +
Does anyone know how to make this?
/^+\d{4,}$/
will meet your requirements.
^ is the anchor for start fo the string
\d is a digit
{4,} says at least 4 of the preceding expression (here the \d). you can add a maximum if needed like {4,20} would allow at least 4 and at most 20 characters.
$ is the anchor for the end of the string
/^((00|\+)[0-9]{2,3}){0,1}[0-9]{4,14}$/
More general than your request, but you can specialize it. Explaining:
((00|\+)[0-9]{2,3})
international code with 00 or + and 2 or 3 digits. Modify the expression according to your needs.
{0,1}
international code is optional - remove it if it is required
[0-9]{4,14}
digits: minimum 4, maximum 14. Change the values according to your needs.
Regards
A.
/\+\d{4,15}/
This should help if 15 is the atmost limit of numbers
OR rather keep the second parameter blank as stema suggested.
I went with this one:
/\A(([+]\d{3,})?\d{6,8})/