Dear List Members,

There are some cookies which contain random values (as an id) and those 
could be interpreted as an SQL injection attack by ModSec.

I don't want the specific rules (981319, 981243 and 981244) to be disabled 
just because of the cookies.
These cookies are:
- w3tc_referrer: a WordPress caching system (W3TC) cookie
- utmctr: Google Analytics cookie
In all of them there's a referrer URL from Google ending with the 
following:
[…] &ei=gVIHT57CLYzhswbdtOnbAw&usg=AFQjCNHyN4OXIHstXXorGoJgNR5fV1Ik3A

The problems:
981319: [data "Xor"]
981243: [data "Div"] in another URL from the word "Divine" (isn't it a bit 
too strict?)
981244: [data "DiV"]

I tried to update the rule with the following:
SecRuleUpdateTargetById 981319 "!REQUEST_COOKIES_NAMES:w3tc_referrer"
but no use. 

How can I disable the SQL injection checking for these cookie names?

Sincerely,
Ákos Szőts
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
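
An added configuration example, not part of the original message or of the CRS: in ModSecurity, REQUEST_COOKIES_NAMES is the collection of cookie names, while cookie values are inspected through REQUEST_COOKIES, so a per-cookie exclusion for the referrer URL has to target the latter. It assumes the three rules reach cookie values through REQUEST_COOKIES, and it uses the cookie names exactly as given in the post.

```apache
# Load this AFTER the CRS files that define rules 981319, 981243 and 981244:
# SecRuleUpdateTargetById can only modify a rule that already exists.

# Attempt from the post, kept for comparison. It removes only the entry for
# the cookie's *name*; the cookie's value is still inspected.
# SecRuleUpdateTargetById 981319 "!REQUEST_COOKIES_NAMES:w3tc_referrer"

# Exclude the *value* of each named cookie from the three rules.
# Every other cookie, argument and header stays under inspection.
SecRuleUpdateTargetById 981319 "!REQUEST_COOKIES:w3tc_referrer"
SecRuleUpdateTargetById 981243 "!REQUEST_COOKIES:w3tc_referrer"
SecRuleUpdateTargetById 981244 "!REQUEST_COOKIES:w3tc_referrer"

SecRuleUpdateTargetById 981319 "!REQUEST_COOKIES:utmctr"
SecRuleUpdateTargetById 981243 "!REQUEST_COOKIES:utmctr"
SecRuleUpdateTargetById 981244 "!REQUEST_COOKIES:utmctr"

# Blunt alternative the post wants to avoid: switches the rules off for
# every target, not just these two cookies.
# SecRuleRemoveById 981319 981243 981244
```

After reloading, replay a request carrying the same cookie and check the audit log: the three rule IDs should no longer fire for these cookies but should still fire for the same payload sent in any other parameter.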
