Removed vulnerable catchall & anchor

5 years ago · d7ef5d166d
parent 3c83c19070
commit d7ef5d166d
1 changed files with 1 additions and 1 deletions
--- a/config/filter.d/nginx-bad-request.conf
+++ b/config/filter.d/nginx-bad-request.conf
@ -4,7 +4,7 @@
 [Definition]

 # The request often doesn't contain a method, only some encoded garbage
-failregex = ^<HOST> \- \S+ \[\] \".+\" 400 .+$
+failregex = ^<HOST> \- \S+ \[\] \"[^\"]+\" 400

 datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
              ^[^\[]*\[({DATE})