Bowie Bailey writes:
> I just got an email that hit the following:
>
> * 2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
> * 2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
> * 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
> * 2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
>
> Did the SARE_SPOOF rules get included in the base ruleset while I wasn't
> looking?
>
> The rule definitions are almost the same.
>
> uri SARE_SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
> uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i
>
> uri SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
> uri SARE_SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i
They've been part of the base ruleset since:
r106217 | quinlan | 2004-11-22 20:45:19 +0000 (Mon, 22 Nov 2004) | 2 lines
promote best URI-based T_SPOOF_* rules
--j.
