On Fri, 27 May 2011, Kris Deugau wrote:

> I have a couple of instances of [a-z]+ and similar; is that effectively as
> troublesome as .+ or .*?

Yes. "*" is "zero or more, unbounded" and "+" is "one or more, unbounded".
It's much better to have an upper limit in body and rawbody rules, e.g.
{0,80} or {1,80}
The upper limit may need some experimentation to set in specific cases,
but even so, {0,255} can be much less painful than *.
Header and URI texts are inherently fairly short so it's safer to use
unbounded matches against them, but even so it's a good idea to simply get
in the habit of always using bounded matches when writing rules.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
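
A small linter for the advice in the message above, as an added example that is not part of the original post or of SpamAssassin: it flags `*`, `+` and `{n,}` in rule regexes. The rule lines are constructed samples, the "high"/"low" labels are this example's own, and it assumes `/`-delimited patterns only.

```python
import re

# Assumed rule syntax: "<type> <NAME> [Header =~] /regex/flags", "/" delimiters only.
RULE = re.compile(r"^[ \t]*(body|rawbody|header|uri)[ \t]+(\w+)[ \t]+(.*)$", re.M)
OPEN_BRACE = re.compile(r"\{\d+,\}")      # {n,} has no upper limit
AFTER_QUANTIFIER = set("*+?}")            # a '+' right after these is a possessive modifier

def unbounded_quantifiers(pattern):
    """Return the unbounded quantifiers (*, +, {n,}) found in a regex body."""
    found, i, in_class, prev = [], 0, False, None
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                    # escape: skip the backslash and the escaped char
            i, prev = i + 2, "\\"
            continue
        if in_class:                      # inside [...], * and + are literals
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "*" or (ch == "+" and prev not in AFTER_QUANTIFIER):
            found.append(ch)
        elif ch == "{" and OPEN_BRACE.match(pattern, i):
            found.append(OPEN_BRACE.match(pattern, i).group())
        prev = ch
        i += 1
    return found

def lint(rules_text):
    """Return (name, type, severity, quantifiers) for each rule with an unbounded match."""
    findings = []
    for m in RULE.finditer(rules_text):
        rtype, name, rest = m.groups()
        start, end = rest.find("/"), rest.rfind("/")
        quants = unbounded_quantifiers(rest[start + 1:end]) if end > start else []
        if quants:
            severity = "high" if rtype in ("body", "rawbody") else "low"  # assumed labels
            findings.append((name, rtype, severity, quants))
    return findings

SAMPLE = r"""# constructed sample rules, not from any real ruleset
body     LOCAL_WORDS_LOOSE   /dear [a-z]+ customer/i
body     LOCAL_WORDS_TIGHT   /dear [a-z]{1,80} customer/i
rawbody  LOCAL_TAG_GAP       /<font.*color/i
rawbody  LOCAL_LITERAL       /1\+1=2 \* [*+]/
header   LOCAL_SUBJ          Subject =~ /^Re: .+ invoice/
body     LOCAL_OPEN_BRACE    /x{3,}y/"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```

Lazy forms such as `.*?` are still reported, since the quantifier remains unbounded.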