SA Bugzilla – Bug 7370
NUMERIC_HTTP_ADDR misfires on numeric hostnames
Last modified: 2019-06-18 14:02:25 UTC
I just received a false-positive report where NUMERIC_HTTP_ADDR fired on an all-numeric hostname part of a longer fully-qualified domain name. The domain part of the link was: https://2987979.fls.doubleclick.net/ Here's a suggested fix to ensure that it is really matching on the entire fully-qualified hostname part of the URI: uri NUMERIC_HTTP_ADDR m{^https?\://\d{7}(?:/|$)}is
That fix won't work because I think he's really just looking for at least 7 numbers not exactly 7 numbers
Who knows what the rules original intention was. Doesn't even hit anything right now. Fixing it to match only numeric/ips. Sending rules/20_uri_tests.cf Transmitting file data .done Committing transaction... Committed revision 1861579.