From 088aaea40e1c7cd9087e21605c26d6bd439b5ef0 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sat, 26 Nov 2016 14:51:19 +0000
Subject: [Fix] Remove or fix hyperscan incompatible regexps

---
 rules/regexp/compromised_hosts.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'rules/regexp/compromised_hosts.lua')

diff --git a/rules/regexp/compromised_hosts.lua b/rules/regexp/compromised_hosts.lua
index 69e77742f..e5e6e6aec 100644
--- a/rules/regexp/compromised_hosts.lua
+++ b/rules/regexp/compromised_hosts.lua
@@ -97,7 +97,7 @@ reconf['HAS_WP_URI'] = {
 }
 
 reconf['WP_COMPROMISED'] = {
-  re = '/\\/wp-(?!content|includes)[^\\/]+\\//Ui',
+  re = '/\\/wp-(?:content|includes)[^\\/]+\\//Ui',
   description = "URL that is pointing to a compromised WordPress installation",
   score = 5.0,
   group = "compromised_hosts"
-- 
cgit v1.2.3