# SQL Keyword Anomaly Scoring

I am having issues fine-tuning all SQL rules for a COTS product. This relates to the IDs 981301 - 981316 with 981317. I get a 403 from 918317 related to the previous SecRules because of the keyword count trigger. Would the keywords in 301-316 be triggered by variable names having SQL keywords in the var name, such as: "search.selectedJobFamily.value" (981301 - select)?

Also, I have two variables where users can enter an entire resume, so most, if not all, of the SQL keywords in the SQL rules 301-316 will get hit! I have seen SecRuleUpdateById used in conjunction with !ARGS:<var>, but 301-316 uses TX:SQLI….. How do I use SecRuleUpdateById with TX vs ARGS, and/or what is the best way to allow all words for these two variables and not set off the SQL triggers?

Thank you,
Steve