From another thread on this site I found this regex that I used to detect all ctrl chars for an AWS WAF rule:
(?i)0x([01][0-9A-F]|7F)
My issue is it's too restrictive; it blocked a URI that contains:
/...120x120.png
How can I tweak the regex to detect 0x12 but not ...120x120...?
You can use a negative lookbehind:
(?i)(?<!\d)0x([01][0-9A-F]|7F)
^^^^^^^
Details:
(?i) - case insensitive matching on(?<!\d) - no digit allowed on the left0x - a 0x string([01][0-9A-F]|7F) - Group 1: 0 or 1 and then a hex char, or 7F