Reputation: 1171
I'm working on a script that would show potentially dangerous HTTP requests, but I don't know how to filter the URI in an HTTP request correctly. The idea is to look if any URL is contained in GET parameters, but ignore the URLs which are added to a GET parameter with a specified word (for example, a GET parameter with the name goto can contain any URL). So if there is a starting line of a request like this ...
GET /check/request?first=1&second=http://domain.tld/something&third=3 HTTP/1.1
... there must be match. In case we have other request's starting line like ...
GET /check/request?goto=http://domain.tld/something HTTP/1.1
... this one should be ignored.
Base regex which matches any line with URL is:
^(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$
I was trying to modify it correctly, but my version only matches lines which contain the word goto in the URL itself, not as a parameter:
^(GET|POST).*\?.*(?!.*goto)\=http\:\/\/.* HTTP\/.*$
Any help would be appreciated.
Upvotes: 0
Views: 266
Reputation: 5543
UPDATE
^(GET|POST).*\?.*(?<!goto)\=http\:\/\/.* HTTP\/.*$
Check here
Upvotes: 1
Reputation: 9650
You probably meant a lookbehind to http://.* rather than a lookahead to .*:
^(GET|POST).*\?.*(?<!goto)\=http\:\/\/
Please see an example on regex101.
Upvotes: 1
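An added example, not code from any of the posts above: rather than a single regex, it splits the query string into parameters and compares each parameter name with an allowlist. It goes slightly beyond the question by also catching https:// and percent-encoded values; ALLOWED_PARAMS and suspicious_params are names made up for this sketch.

```python
import re
from urllib.parse import parse_qsl

# Assumption: parameter names that are allowed to carry a URL.
ALLOWED_PARAMS = {"goto"}

# Request line as in the question: method, request target, HTTP version.
REQUEST_LINE = re.compile(r"^(GET|POST) (\S+) HTTP/\d(?:\.\d)?$")
# A value counts as a URL if, after decoding, it starts with http:// or https://.
URL_VALUE = re.compile(r"^\s*https?://", re.IGNORECASE)


def suspicious_params(request_line):
    """Return the names of query parameters that carry a URL and are not allowlisted."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return []
    query = m.group(2).partition("?")[2]
    hits = []
    # parse_qsl percent-decodes names and values, so http%3A%2F%2F is seen as http://.
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Exact name comparison: "nogoto" is not "goto". A (?<!goto) lookbehind
        # in front of "=http" would skip "nogoto=http://..." as well.
        if name not in ALLOWED_PARAMS and URL_VALUE.match(value):
            hits.append(name)
    return hits


# Constructed sample lines; the first two are the request lines from the question.
SAMPLES = [
    "GET /check/request?first=1&second=http://domain.tld/something&third=3 HTTP/1.1",
    "GET /check/request?goto=http://domain.tld/something HTTP/1.1",
    "GET /check/request?nogoto=http://domain.tld/x HTTP/1.1",
    "GET /check/request?goto=http://a.tld/&next=http%3A%2F%2Fb.tld%2F HTTP/1.1",
    "GET /goto/page?id=5 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        flagged = suspicious_params(line)
        print("FLAG " if flagged else "ok   ", flagged, line)
```
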