In working on an implementation of ModSecurity 2.6.2 using rule set 2.2.3, I noticed that the scores assigned in the PHPIDS - Converted SQLI Filters section of modsecurity_crs_41_sql_injection_attacks.conf are inconsistent with the rest of the file. That particular section uses hard-coded values, e.g. 7, where the rest of the file uses the anomaly scoring values, e.g. tx.critical_anomaly_score. In order to properly implement Anomaly Scoring, it seems these converted rules should use anomaly scoring as well and follow the same severity levels and values. Is there a reason this is not the case, or should this particular group of rules be updated?
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
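One way to audit a rules file for the inconsistency described in the message above, as an added example that is not part of the original post or of the Core Rule Set: the script lists every rule whose anomaly-score increment is a literal number rather than a `%{tx.*_anomaly_score}` macro. The sample rules, their ids (900001, 900002) and their patterns are constructed placeholders, and the function names are hypothetical.

```python
import re

# Matches setvar actions that increment an anomaly score, e.g.
#   setvar:tx.anomaly_score=+7
#   setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}
SETVAR_RE = re.compile(
    r"setvar:'?(tx\.[a-z_]*anomaly_score)=\+([^,'\"\s]+)", re.IGNORECASE)
ID_RE = re.compile(r"\bid:'?(\d+)")
MACRO_RE = re.compile(r"^%\{tx\.[a-z_]+_anomaly_score\}$", re.IGNORECASE)


def join_continuations(text):
    """Merge lines ending in a backslash so each rule is one logical line."""
    return re.sub(r"\\\r?\n\s*", " ", text).splitlines()


def find_hardcoded_scores(conf_text):
    """Return (rule_id, variable, value) for each literal score increment."""
    findings = []
    for line in join_continuations(conf_text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and commented-out rules
        rule_id = ID_RE.search(stripped)
        for var, value in SETVAR_RE.findall(stripped):
            if not MACRO_RE.match(value):
                findings.append((rule_id.group(1) if rule_id else None,
                                 var.lower(), value))
    return findings


# Constructed sample rules (placeholder ids and patterns, not CRS content).
SAMPLE_CONF = r'''
SecRule ARGS "@rx placeholder_a" \
    "phase:2,block,id:'900001',severity:'2',\
    setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}"
# setvar:tx.anomaly_score=+9  (commented out, ignored)
SecRule ARGS "@rx placeholder_b" \
    "phase:2,block,id:'900002',severity:'2',setvar:tx.anomaly_score=+7"
'''

if __name__ == "__main__":
    for rule_id, var, value in find_hardcoded_scores(SAMPLE_CONF):
        print(f"rule {rule_id}: {var} incremented by literal {value}")
```

Rules flagged this way keep the same score when the `tx.*_anomaly_score` values are tuned in the main configuration, so they should be reviewed against the blocking thresholds in use.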