From 38dc8147e03fee859811c44b700a9ab8c25c2729 Mon Sep 17 00:00:00 2001
From: CrazyCat <crazycat@c-p-f.org>
Date: Fri, 24 Jun 2016 16:25:47 +0200
Subject: [PATCH] Modified regex

This regex works with both apache and nginx logs
---
 apache-sqlinject.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apache-sqlinject.conf b/apache-sqlinject.conf
index 16212cc..154f2a1 100644
--- a/apache-sqlinject.conf
+++ b/apache-sqlinject.conf
@@ -14,7 +14,7 @@ sqlfragments_havij = and(\+|%%20)ascii%%28substring|and(\+|%%20)Length|union(\+|
 # Notes.:  Regex to try to detect SQL injection trials
 # Values:  TEXT
 #
-failregex = ^<HOST> -[^"]*"[A-Z]+\s+/[^"]*\?[^"]*(?:%(sqlfragments_generic)s|%(sqlfragments_havij)s)[^"]*HTTP[^"]*"
+failregex = (?i)<HOST> -.*"(GET|POST).*(?:%(sqlfragments_generic)s|%(sqlfragments_havij)s)[^"]*HTTP[^"]*".*
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.