Re: "Potted" regex question

From: WC -Sx- Jones (WC-Sx-Jonesinsecurity.org)
Date: Sat Apr 17 2004 - 10:01:52 CDT


WC -Sx- Jones wrote:
> Tony Earnshaw wrote:
>
>> /(?:^Received:\s{1,2}from\s+.+213\.37\.(?:(?:(?:1(?:[5-9][0-9])|(?:2(?:0|1|2|3|4)[0-9])|(?:25[0-1]))))\.\d{1,3})/

> Something like:
>
> /\[213\.37\.[150-251]\.[0-255]\]/

OK, after thinking some more about this; I feel that

/213\.37\.(?:(?:(?:1(?:[5-9][0-9])|(?:2(?:0|1|2|3|4)[0-9])|(?:25[0-1]))))\.\d{1,3}/

is as short as required - logically if you see the banned IP in the
HEADERS -- then the whole e-mail is suspect, no?

If so, this can literally be written as:

/213\.37\.[150-251]\.[0-255]/ or
/213\.37\.(?:[150-251])\.(?:[0-255])/ or
/213\.37\.(?:150...251)\.(?:0...255)/

But while they are syntactically correct -- none work :(

Grrrrrrrrrrrrrr ...
--
_Sx_ http://youve-reached-the.endoftheinternet.org/ _____
      http://jaxpm.insecurity.org/
      http://cis4dl.insecurity.org/
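
Why the bracket forms in the message above compile but never hit the intended addresses, as an added example that is not part of the original post: it enumerates every third octet each pattern accepts. Python's `re` stands in for the Perl-style matcher here (an assumption; the constructs used behave the same in both), and the `COMPACT` pattern, the helper name and the sample headers are constructed for illustration.

```python
import re

# Pattern from the post that works: third octet 150-251 spelled out digit by digit.
SPELLED_OUT = re.compile(
    r"213\.37\.(?:(?:(?:1(?:[5-9][0-9])|(?:2(?:0|1|2|3|4)[0-9])|(?:25[0-1]))))\.\d{1,3}"
)
# "Literal" form from the post. A bracket expression is a set of single
# characters, so [150-251] means one of 0, 1, 2, 5 and not a number 150..251.
CHAR_CLASS = re.compile(r"213\.37\.[150-251]\.[0-255]")
# Shorter equivalent (added here, not from the thread), with digit boundaries
# so that an over-long digit run such as 213.37.200.1234 is not accepted.
COMPACT = re.compile(
    r"(?<!\d)213\.37\.(?:1[5-9]\d|2[0-4]\d|25[01])\.(?:25[0-5]|2[0-4]\d|1?\d?\d)(?!\d)"
)

# Numeric reference for the range the thread is trying to express.
EXPECTED = set(range(150, 252))


def third_octets_matched(pattern):
    """Return every third octet 0..255 for which the pattern accepts [213.37.N.5]."""
    return {n for n in range(256) if pattern.search(f"[213.37.{n}.5]")}


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Received: from mail.example.net (unknown [213.37.200.17]) by mx.example.org",
    "Received: from mail.example.net (unknown [213.37.1.5]) by mx.example.org",
    "Received: from mail.example.net (unknown [213.37.149.9]) by mx.example.org",
]

if __name__ == "__main__":
    patterns = [("spelled out", SPELLED_OUT), ("char class", CHAR_CLASS), ("compact", COMPACT)]
    for name, pat in patterns:
        octets = sorted(third_octets_matched(pat))
        verdict = "ok" if set(octets) == EXPECTED else "WRONG RANGE"
        print(f"{name:12} accepts {len(octets)} third octets "
              f"({octets[0]}..{octets[-1]}): {verdict}")
        for line in SAMPLES:
            print(f"    {'HIT ' if pat.search(line) else 'miss'} {line}")
```

Enumerating all 256 octet values against a numeric reference is a cheap check to run before deploying any hand-written range pattern in a header filter.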