i wrote something similar to this but instead of of using .+, i used [^>]+,
supposedly a tad faster, iirc. also writing s?(?:<.+>)? as
(?:s(?:<[^>]+)?)? should be slightly faster cause if it fails to match on
the 's' it won't move on to check for the
-Rocky
On Thu, Mar 31, 2005 at 11:35:26AM +0200, John Wilcock wrote:
> >http://getpo >Williams>rnodvd. >Huw>com
>
> This looks like an effective way of getting round URIRBLs (though of
> course it requires the end user to cut and paste).
>
> The rule below seems to catch the technique. Any suggestions for
> improving it or any other rules to suggest?
>
> # 2005-03-31 new rule
> rawbody local_OBFU_HTTP
> /(?!https?:\/\/)h(?:<.+>)?t(?:<.+>)?t(?:<.+>)?p(?:<.+>)?s?(?:<.+>)?:(?:<.+>)?\/(?:<.+>)?\/(?:<.+>)?/im
> describe local_OBFU_HTTP HTTP obfuscated with tags
> scorelocal_OBFU_HTTP 1.0
>
> John.
>
> --
> -- Over 2500 webcams from ski resorts around the world - www.snoweye.com
> -- Translate your technical documents and web pages- www.tradoc.fr
>
--
__
what's with today, today?
Email: [EMAIL PROTECTED]
PGP:http://rocky.mindphone.org/rocky_mindphone.org.gpg
signature.asc
Description: Digital signature
