Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
574
Views
0
Helpful
1
Replies

Regex help for SQL update statement

DSmirnov
Level 1
Level 1

‎10-02-2007 12:41 PM - edited ‎03-10-2019 03:49 AM

Hello,

need help from IPS regex guru - trying to build the signature to detect SQL update statement in HTTP requests.

1) Am I correct with regex below specified as Request-Regex?

[Uu][Pp][Dd][Aa][Tt][Ee]([%]20|[+])[\x20-\x7e]+[Ss][Ee][Tt]([%]20|[+])[\x20-\x7e]+=

2) How do I make sure that it detects 'Update' in URI and Arguments only and not in the body on entire webserver response (currently looks like the case)?

Labels:
0 Helpful
1 Reply 1

mhellman
Level 7
Level 7

‎10-04-2007 01:22 PM

1) It looks correct to me

2) Typically, the "service HTTP" engine is used to inspect requests and the "TCP string" engine is used to inspect HTTP server responses. If you only want to inspect requests, use the service HTTP engine.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top