On 09/13/2012 03:14 PM, Josh Amishav-Zlatin wrote:
On Thu, Sep 13, 2012 at 4:03 PM, Anders Kvist <and...@kvistmail.dk
<mailto:and...@kvistmail.dk>> wrote:
Hi
I have a lot of hits on rule 990012 - because some of our users
(everything would be so much easier if they weren't there :)) have
the following as User-Agent: Mozilla/4.0 (Windows XP 5.1)
Java/1.6.0_35 (The Java version may vary).
Hi Anders,
What version of the CRS are you running? Have you considered building
a more recent version of ModSecurity from source? That would allow you
to run a more up to date version of the CRS as well.
I have updated to 2.2.5 - ain't that the newest ruleset?
/Anders
I did a bit of googling and "Windows XP 5.1" is the correct
version of XP - some sites list this a as bot, some doesn't. If I
do a search for "Windows XP 5" the results for User-Agents are
bot, bot and bot...
Does anyone know if the intensions are to catch only "Windows XP
5" or both?
I have added a case to the rule here that allows "Windows XP 5.1"
as User-Agent, but not "Windows XP 5" - guess the question is if
the updated rule should be submitted for the next ruleset?
/Anders
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
