Feature #3200
closed
pcre: allow operation as transform
Added by Victor Julien over 4 years ago.
Updated almost 4 years ago.
Description
The idea is that pcre could be used to capture a substring (just 1 I suppose) to pass for inspection or further transformation.
Artificial example:
http.request_line; pcrexform:"/[A-z]+\s+(.*)\s+HTTP/"; content:"/index.html";
Here the requestline would be passed in, pcrexform would capture the URI in substring and replace the buffer with its value. Then the content would match on that.
- Blocked by Feature #3199: transformation should be able to take options added
- Status changed from New to Feedback
I've set this to 'community' until we've reached some feedback about whether this would be useful.
- Subject changed from pcre: allow operation at transform to pcre: allow operation as transform
- Status changed from Feedback to Assigned
- Assignee changed from Community Ticket to Jeff Lucovsky
- Target version changed from TBD to 6.0.0beta1
- Status changed from Assigned to In Review
- Status changed from In Review to Closed
Also available in: Atom
PDF