problems with regex within ctl:ruleRemoveTargetByTag

[Shuro]

I've got a second problem:

    SecRule REQUEST_FILENAME "^/../login$" "phase:1,id:1005,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION|XSS|LDAP_INJECTION)|PROTOCOL_VIOLATION/EVASION);ARGS:login[password]"

is one of my rules. In my logic it should work, but I get the following
error:

    Syntax error on line 23 of 
    /etc/modsecurity/modsecurity_crs_15_pre_custom.conf:
    Error parsing actions: ModSecurity: Invalid regular expression 
    "OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION"
    Action 'configtest' failed.
    The Apache error log may have more information.
      failed!

It seems so that the problem is caused by the pipe in the regex-expression, but why?

The Regex is complete and should work, see here:
See: https://www.debuggex.com/r/gPYlTgYDoVVPJj3g

[celesteking]

2 years to fix?!
Whitelisting is a very tedious task, guys.

just look at this ---

!REQUEST_COOKIES:/^(acudeoSession.*\|espnAuth\|cto(Visitor\|Session\|PageName)\|bp_channel_id\|optimizely(CustomEvents\|Segments\|Buckets))$/"

And I can't use this construct becase of your regex parsing limitation.

[martinhsv]

This has been recently re-confirmed in v2.9, but it's unclear whether it's worth fixing the issue in that branch.

In v3.x, ctl:ruleRemoveTargetByTag does not currently support regex matching at all.