On Jan 25, 2011, at 9:57 AM, Josh Gee wrote:
> This SQL Injection rule is causing me serious headaches. It has a lot
> of false positives, and it always matches twice, once with the case it
> finds, and once after it lower-cases the values. This makes it very
> hard to write an exception for.
>
> It seems to be so crude as to match the word "and" in just about any
> context that includes white space. It matches in filenames (which is
> not too bad), URLs, and even standard HTML form values.
>
> For now I've commented it out completely because in Anomaly Scoring mode
> I couldn't manage to write an exception that would turn it off.
>
> Any ideas for a better solution?

We have had some major issues with this one too and had to disable it. Can you not just do a `SecRuleRemoveById 950901' in your 48 local exceptions file? That's what I did, and I believe it to be working.
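
An added example, not part of either message above: the global removal suggested in the reply next to two narrower ways of scoping the same exception. The path /app/search and the rule id 1000001 are constructed placeholders, and the per-transaction variant assumes rule 950901 is evaluated in phase 2.

```apache
# Pick ONE of the three options below.

# Option A (from the reply): disable rule 950901 for every request.
# SecRuleRemoveById is a configure-time directive, so this line must be
# loaded after the CRS file that defines the rule.
#SecRuleRemoveById 950901

# Option B: disable it only under one path, using Apache scoping.
# Every other URL keeps the SQL injection check.
<LocationMatch "^/app/search">
    SecRuleRemoveById 950901
</LocationMatch>

# Option C: disable it per transaction with a ctl action.
# This rule has to run before 950901 is evaluated, so it sits in phase 1
# and is loaded ahead of the CRS rule files (assumption: 950901 is phase 2).
#SecRule REQUEST_URI "@beginsWith /app/search" \
#    "id:1000001,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=950901"
```

With option B or C the rule stops contributing to the anomaly score only for the scoped requests, so the double match described in the question no longer needs its own exception there.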
