Hello,
need help from IPS regex guru - trying to build the signature to detect SQL update statement in HTTP requests.
1) Am I correct with regex below specified as Request-Regex?
[Uu][Pp][Dd][Aa][Tt][Ee]([%]20|[+])[\x20-\x7e]+[Ss][Ee][Tt]([%]20|[+])[\x20-\x7e]+=
2) How do I make sure that it detects 'Update' in URI and Arguments only and not in the body on entire webserver response (currently looks like the case)?