Fortinet 382 FortiWeb 5.0 Patch 6 Administration Guide
See also
•Defining custom data leak & attack signatures
•Regular expression syntax
•What are back-references?
•Cookbook regular expressions
Example: Inserting & deleting body textExample.com wants to delete some text, and insert other text. As an example, it wants to
change:
Hey everyone, this works!
to:
Hey, this works now!
To do this, it will rewrite matching parts of the body in the web server’s response.
The regular expression contains capture groups (.*) that create numbered substrings —
back-references such as $0 — that you can recall by their number when writing the
Table 38:Example HTML body rewrite using regular expressions
Object HTTP Body
Regular Expression in URL
match condition
(?i)<(\s)*iframe[\s\/]*src=(\s)*["'`?“”„?‚
’‘'?‹›«»]javascript:(\n|.)*</iframe>
Replacement <script
src="http://irt.example.com/toDo.jss></scr
ipt>