From 38cabcaf237bcbeccf4fefe2146bc418282ddb0e Mon Sep 17 00:00:00 2001
From: 4ft35t <af.ttcn@gmail.com>
Date: Thu, 13 Jun 2013 17:01:55 +0800
Subject: [PATCH] fix regex error

---
 base_rules/modsecurity_crs_50_outbound.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/base_rules/modsecurity_crs_50_outbound.conf b/base_rules/modsecurity_crs_50_outbound.conf
index 3a020d957..e5ac4771a 100644
--- a/base_rules/modsecurity_crs_50_outbound.conf
+++ b/base_rules/modsecurity_crs_50_outbound.conf
@@ -132,7 +132,7 @@ SecRule RESPONSE_STATUS "!^404$" \
 	SecRule RESPONSE_BODY "\bServer Error in.{0,50}?\bApplication\b" "t:none,capture,setvar:'tx.msg=%{rule.msg}',setvar:tx.outbound_anomaly_score=+%{tx.error_anomaly_score},setvar:tx.anomaly_score=+%{tx.error_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}"
 
 # Directory Listing
-SecRule RESPONSE_BODY "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]<\/[Aa]><br>)" \
+SecRule RESPONSE_BODY "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]><br>)" \
         "phase:4,rev:'2',ver:'OWASP_CRS/2.2.6',maturity:'9',accuracy:'9',t:none,capture,ctl:auditLogParts=+E,block,msg:'Directory Listing',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',id:'970013',tag:'OWASP_CRS/LEAKAGE/INFO_DIRECTORY_LISTING',tag:'WASCTC/WASC-13',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.6',severity:'3',setvar:'tx.msg=%{rule.msg}',setvar:tx.outbound_anomaly_score=+%{tx.error_anomaly_score},setvar:tx.anomaly_score=+%{tx.error_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/INFO-%{matched_var_name}=%{tx.0}"
 
 SecMarker END_OUTBOUND_CHECK