This SQL Injection rule is causing me serious headaches. It has a lot of false positives, and it always matches twice, once with the case it finds, and once after it lower-cases the values. This makes it very hard to write an exception for.
It seems to be so crude as to match the word "and" in just about any context that includes white space. It matches in filenames (which is not too bad), URLs, and even standard HTML form values. For now I've commented it out completely because in Anomaly Scoring mode I couldn't manage to write an exception that would turn it off. Any ideas for a better solution?

Josh
