Re: max length of pcre rule?

From: Henrik K (no email)
Date: Mon Mar 29 2010 - 12:25:50 EDT

  • Next message: Noel Jones: "Re: bounce email"

    On Mon, Mar 29, 2010 at 06:13:15PM +0200, Steve wrote:
    >
    > -------- Original-Nachricht --------
    > > Datum: Mon, 29 Mar 2010 19:00:36 +0300
    > > Von: Henrik K <>
    > > An:
    > > Betreff: Re: max length of pcre rule?
    >
    > > On Mon, Mar 29, 2010 at 05:17:22PM +0200, Louis-David Mitterrand wrote:
    > > > On Mon, Mar 29, 2010 at 04:55:19PM +0200, Steve wrote:
    > > > > > You if/endif suggestion for the prefix is interesting.
    > > > > >
    > > > > > For added safety, the individual rules should be anchored with ^ and
    > > the
    > > > > > bracketed atom plussed, no?
    > > > > >
    > > > > > /^[^:]+:.+
    > > > > >
    > > > > Yes. You are right. But to be honest this should be enough (just an
    > > example):
    > > > > 001) if
    > > /^Received|X\-((Origin(ating)?|Client|MDRemote|Sender)\-?IP|(Client|Remote_)Addr|PHP\-Script):/
    > > > > 002) /\b(127\.0.\d+\.\d+)\b/ REJECT aviso.ci junk 2
    > > > > 003) endif
    > > > >
    > > > >
    > > > > * Rule 001 will match a specific header.
    > > > > * Rule 002 will match 127.0.xxx.xxx
    > > > > * 127.0.xxx.xxx could be anchored with ^ but the rule/if-condition in
    > > > > 001 is already taking care of that 127.0.xxx.xxx is not part of the
    > > > > header name. So you can shorten the regexp to just "/\b(<ip you
    > > > > check/rule>)/b REJECT blah-blah-blah"
    > > >
    > > > Indeed, on second thought the anchoring is useless in individual rules,
    > > > making it much more readable/managable.
    > > >
    > > > Thanks for taking to time to de-parse my giga-rule into its component
    > > > parts!
    > >
    > > In theory that's quite inefficient.
    > >
    > What is inefficient? The combining of rules or the splitting?

    Executing a bunch of expressions instead of one.


  • Next message: Noel Jones: "Re: bounce email"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD