On Mon, 24 Apr 2017, Geoff Soper wrote:
I'm trying to write a rule that matches both the name of a header and its
value. I've had no luck so far, can somebody point out my mistake?
My current attempt is:
header __GS_PHP_ORIG ALL =~ /^X-PHP-Originating-Script: [0
-9]+:(Mailer|Sendmail|Api).php/i
An example line is:
X-PHP-Originating-Script: 20039:Api.php
Thanks,
Geoff
The header rule type inherently supports matching a specific header:
header __GS_PHP_ORIG X-PHP-Originating-Script =~
/[0-9]+:(?:Mailer|Sendmail|Api)\.php/i
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
People who are unable to figure out how to make change without
the help of a cash register are demanding a $15/hr minimum wage?
-----------------------------------------------------------------------
25 days since the first commercial re-flight of an orbital booster (SpaceX)