Hi Everyone, I'm having a hard time creating an exception for a false positive and was hoping an expert eye might catch my mistake. I have a Joomla site that uses Ajax to register users. It is triggering a false positive for rule #981244 in modsecurity_crs_41_sql_injection_attacks.conf
The issue seems to be that the data for the email argument sometimes contains "between", which is explicitly defined in this rule as an injection. Is there a way to create an exception for an argument that contains certain data? Maybe !ARGS:email="^between$" http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-exception-handling.html has a great example on how to do this for the email argument, but cloning rule #981244 to my modsecurity_crs_15_custom.conf and adding |!ARGS:email doesn't seem to be work due "between" explicitly being defined. This is with an Ubuntu 10.04 install, with ModSecurity 2.5.11-1 Best, Matt Thomas Founder betweenbrain <http://betweenbrain.com/>™ Lead Developer Construct Template Development Framework<http://construct-framework.com/> Phone: 203.632.9322 Twitter: @betweenbrain Github: https://github.com/betweenbrain
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
