Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Regex help for SQL update statement

Hello,

need help from IPS regex guru - trying to build the signature to detect SQL update statement in HTTP requests.

1) Am I correct with regex below specified as Request-Regex?

[Uu][Pp][Dd][Aa][Tt][Ee]([%]20|[+])[\x20-\x7e]+[Ss][Ee][Tt]([%]20|[+])[\x20-\x7e]+=

2) How do I make sure that it detects 'Update' in URI and Arguments only and not in the body on entire webserver response (currently looks like the case)?

1 REPLY
Gold

Re: Regex help for SQL update statement

1) It looks correct to me

2) Typically, the "service HTTP" engine is used to inspect requests and the "TCP string" engine is used to inspect HTTP server responses. If you only want to inspect requests, use the service HTTP engine.

293
Views
0
Helpful
1
Replies