Hi, you need to use !REQUEST_COOKIES not !REQUEST_COOKIES_NAMES. Best Regards Michael
2012/1/7 Szőts Ákos <szots...@gmail.com>: > Dear List Members, > > There are some cookies which contain random values (as an id) and those > could be interpreted an SQL injection attack as of ModSec. > > I don't want the specific rules (981319, 981243 and 981244) to be disabled > just because of the cookies. > These cookies are: > - w3tc_referrer: a WordPress caching system (W3TC) cookie > - utmctr: Google Analytics cookie > In all of them there's a referrer URL from Google ending with the > following: > […] &ei=gVIHT57CLYzhswbdtOnbAw&usg=AFQjCNHyN4OXIHstXXorGoJgNR5fV1Ik3A > > The problems: > 981319: [data "Xor"] > 981243: [data "Div"] in an other URL from the word "Divine" (isn't it a bit > too strict?) > 981244: [data "DiV"] > > I tried to update the rule with the following: > SecRuleUpdateTargetById 981319 "!REQUEST_COOKIES_NAMES:w3tc_referrer" > but no use. > > How can I disable the SQL injection checking for these cookie names? > > Sincerely, > Ákos Szőts > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
