On Thu, Sep 13, 2012 at 4:03 PM, Anders Kvist <and...@kvistmail.dk> wrote:
> Hi > > I have a lot of hits on rule 990012 - because some of our users > (everything would be so much easier if they weren't there :)) have the > following as User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_35 (The > Java version may vary). > > Hi Anders, What version of the CRS are you running? Have you considered building a more recent version of ModSecurity from source? That would allow you to run a more up to date version of the CRS as well. -- - Josh > I did a bit of googling and "Windows XP 5.1" is the correct version of XP > - some sites list this a as bot, some doesn't. If I do a search for > "Windows XP 5" the results for User-Agents are bot, bot and bot... > > Does anyone know if the intensions are to catch only "Windows XP 5" or > both? > > I have added a case to the rule here that allows "Windows XP 5.1" as > User-Agent, but not "Windows XP 5" - guess the question is if the updated > rule should be submitted for the next ruleset? > > /Anders > > > ______________________________**_________________ > Owasp-modsecurity-core-rule-**set mailing list > Owasp-modsecurity-core-rule-**s...@lists.owasp.org<Owasp-modsecurity-core-rule-set@lists.owasp.org> > https://lists.owasp.org/**mailman/listinfo/owasp-** > modsecurity-core-rule-set<https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set> >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
