In CRS 2.2.2, base_rules/modsecurity_crs_50_outbound.conf the Directory Listing check seems incorrect. Here's the rule:

    SecRule RESPONSE_BODY ">[To Parent Directory]</[Aa]><br>" \
        "phase:4,rev:'2.2.2',t:none,capture,ctl:auditLogParts=+E,block,msg:'Directory Listing',id:'971202' ....

The "[To Parent Directory]" portion is a regex char class. I doubt that was the intention of the rule author. So, it produces false positives b/c it matches stuff like "> </a><br>".
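
The behaviour reported above can be reproduced offline. This is an added example, not part of the original post or of the CRS code. It uses Python's `re` as a stand-in for ModSecurity's regex engine (the two agree for this pattern); the escaped variant is an assumed intent, and the response-body samples are constructed.

```python
import re

# Pattern exactly as it appears in rule 971202 (CRS 2.2.2).
ORIGINAL = r">[To Parent Directory]</[Aa]><br>"
# Assumed intent: brackets escaped so the link text matches literally.
ESCAPED = r">\[To Parent Directory\]</[Aa]><br>"

# Constructed response-body fragments (not captured traffic).
SAMPLES = {
    "iis_listing": '<A HREF="/files/">[To Parent Directory]</A><br><br>',
    "space_link": '<a href="/x"><img src="i.png"> </a><br>',
    "one_letter_link": '<a href="/next">y</a><br>',
    "normal_link": '<a href="/home">Home</a><br>',
}


def hits(pattern, samples=SAMPLES):
    """Names of samples the pattern matches, using an unanchored search."""
    rx = re.compile(pattern)
    return sorted(name for name, body in samples.items() if rx.search(body))


def suspicious_classes(pattern):
    """Unescaped bracket expressions that read like literal text:
    they contain whitespace or list the same character twice."""
    found = []
    for m in re.finditer(r"(?<!\\)\[([^\]]+)\]", pattern):
        body = m.group(1)
        if re.search(r"\s", body) or len(set(body)) < len(body):
            found.append(m.group(0))
    return found


if __name__ == "__main__":
    for label, pat in (("original", ORIGINAL), ("escaped", ESCAPED)):
        print(label, "matches:", hits(pat))
        print(label, "suspicious classes:", suspicious_classes(pat))
```

With these samples the original pattern fires on the two ordinary links and misses the actual listing line, because the class consumes only one character between `>` and `</a>`.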
