I suggest that you add in the following SecRuleUpdateTargetById directive
(http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecRuleUpdateTargetById)
to a local modsecurity_crs_60_customrules.conf file -

SecRuleUpdateTargetById 981172 !REQUEST_COOKIES:'/^__utm/'

This will create an exception so that the existing rule will not inspect
the Google Analytics Cookie data.

-Ryan




On 8/8/11 4:04 AM, "Danilo Godec" <[email protected]> wrote:

>Hello,
>
>I'm very new to mod_security - installed it on one of my servers a couple
>of days ago along with core rules 2.2.1.
>
>I had to create a couple of exceptions as some common Slovene words
>contain strings that trigger some SQL injection rules. For example - the
>word 'slike' (meaning 'pictures') obviously contains 'like' which
>triggers one or more of the rules in
>modsecurity_crs_41_sql_injection_attacks.conf.
>
>
>Anyway, I also noticed that Google Analytics cookie __utmz often
>triggers these rules as it sometimes (quite often, actually) contains
>things like 'n=(n' - for example:
>
>__utmz=42207527.1312789542.1.1.utmgclid=CIvzq5Gav6oCFZQm3wodY1mF5w|utmccn=
>(not+set)|utmcmd=(not+set)
>
>
>What's a recommended practice to handle things like that?
>
>  Danilo
>
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>[email protected]
>https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
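
As an added illustration (not part of the original thread and not ModSecurity's own code), this Python sketch models which cookies the `!REQUEST_COOKIES:'/^__utm/'` exclusion removes from a rule's target list. The function names are hypothetical and the sample header is constructed around the `__utmz` value quoted in the question.

```python
import re

# Name pattern taken from the exclusion in the reply:
#   SecRuleUpdateTargetById 981172 !REQUEST_COOKIES:'/^__utm/'
# Only the name match is modelled; the engine's case handling is not,
# so all constructed sample names are lowercase.
EXCLUDE_NAME = re.compile(r"^__utm")


def parse_cookie_header(header):
    """Split a Cookie header into (name, value) pairs without decoding."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        # Split on the first '=' only: values such as __utmz contain '='.
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value))
    return pairs


def split_targets(header, exclude=EXCLUDE_NAME):
    """Return (inspected, skipped) cookie names for a rule whose
    REQUEST_COOKIES target carries the exclusion."""
    inspected, skipped = [], []
    for name, _value in parse_cookie_header(header):
        (skipped if exclude.search(name) else inspected).append(name)
    return inspected, skipped


# Constructed sample header; the __utmz value is the one from the question.
SAMPLE = (
    "PHPSESSID=abc123; "
    "__utma=42207527.1.1.1.1.1; "
    "__utmz=42207527.1312789542.1.1.utmgclid=CIvzq5Gav6oCFZQm3wodY1mF5w"
    "|utmccn=(not+set)|utmcmd=(not+set); "
    "lang=sl; my__utm=1"
)

if __name__ == "__main__":
    inspected, skipped = split_targets(SAMPLE)
    print("still inspected:", inspected)
    print("excluded from the rule:", skipped)
```

The pattern is anchored at the start of the cookie name, so `my__utm` stays in the inspected set while every name beginning with `__utm` is skipped for that one rule.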


