Re: Writing a rule to match a header name and value

John Hardin Mon, 24 Apr 2017 11:24:39 -0700

On Mon, 24 Apr 2017, Geoff Soper wrote:

I'm trying to write a rule that matches both the name of a header and its 
value. I've had no luck so far, can somebody point out my mistake?


My current attempt is:
header          __GS_PHP_ORIG   ALL =~ /^X-PHP-Originating-Script: [0
-9]+:(Mailer|Sendmail|Api).php/i

An example line is:
X-PHP-Originating-Script: 20039:Api.php

Thanks,
Geoff



The header rule type inherently supports matching a specific header:

 header  __GS_PHP_ORIG   X-PHP-Originating-Script =~ 
/[0-9]+:(?:Mailer|Sendmail|Api)\.php/i



--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  People who are unable to figure out how to make change without
  the help of a cash register are demanding a $15/hr minimum wage?
-----------------------------------------------------------------------
 25 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: Writing a rule to match a header name and value

Reply via email to