I have found that almost all rules in modsecurity_crs_41_sql_injection_attacks.conf need !REQUEST_COOKIES:/^_pk_ref.*/|!REQUEST_COOKIES:/^__utmz$/|!ARGS:gclid for google adwords, google analytics and piwik to work ok with mod_security.
Hope this helps someone else
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
