Firewall Layer7 case-(in) sensitivity problem

przent · Sat Feb 02, 2013 9:29 pm

Hi,

I`m new to Mikrotik and RouterOS so if this question is "lame" and I haven`t read documentation properly than I`m sorry.
I`m using RB2011-UAS-RM with RouterOS 6.0rc7.

I`m using L7 regexp to block some web-sites which works, but I think I`ve spotted a real problem:

Following traffic sniffed via wireshark:

GET / HTTP/1.1\r\n
Host: pokec.azet.sk
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
....(and more...)

L7 RegExp:

^.*(get|GET).+(http|HTTP).+(h|H)ost:.+(uloz\.to|pokec).*$

I had to use an or "|" on "GET" and "H" to get the rule to match the above sniff. If I use the exact same case (Upper-case) only as is in the sniff, the rule wouldn`t match. If all lower-case, rule matches. To me its not logical so maybe it`s a bug.

So basically, is this a feature or a bug? If it`s a feature, where is the behaviour documented please?

Thanks!

jandafields · Sun Feb 03, 2013 7:24 am

This is a bug. The uppercase and lowercase inside the ROS code is mixed up.

This post confirms it:
http://forum.mikrotik.com/viewtopic.php?f=2&t=64685

przent · Sun Feb 03, 2013 11:42 pm

Yes thats the exact same problem. This seams to be easily testable and 100% reproducible bug than. Why it`s not fixed for that long time? Or is it and it popped up in 6.x again?

Where can I take a look on the reported bugs?

jandafields · Thu Feb 07, 2013 5:03 am

Yes thats the exact same problem. This seams to be easily testable and 100% reproducible bug than. Why it`s not fixed for that long time? Or is it and it popped up in 6.x again?

Where can I take a look on the reported bugs?

Email support@mikrotik.com so they know it is a serious problem.

Firewall Layer7 case-(in) sensitivity problem

Firewall Layer7 case-(in) sensitivity problem

Re: Firewall Layer7 case-(in) sensitivity problem

Re: Firewall Layer7 case-(in) sensitivity problem

Re: Firewall Layer7 case-(in) sensitivity problem