Hi,

The "base_rules/modsecurity_crs_41_xss_attacks.conf" rules file starts with a smart rule that checks for the presence of some keywords (e.g. script, javascript...) and, depending on the result, decides to run deeper rules or just skip them. The problem is that the conditional "skip" never works because it tests the "pm_xss_score" variable, which is not initialized.

    SecRule TX:PM_XSS_SCORE "@eq 0" "phase:2,id:'981018',t:none,pass,skipAfter:END_XSS_CHECK,nolog"

To fix this, I just added this directive at the beginning of the file:

    SecAction "phase:2,rev:'2.2.5',t:none,pass,nolog,setvar:tx.pm_xss_score=0"

It would be nice to fix this in the next core rule set release.

Thank you in advance.

Rm4dillo
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
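
The prefilter-and-skip pattern described in the message above, as an added example that is not part of the original post or of the CRS file: the rule ids, the keyword list and the deep rule are constructed placeholders. It relies on ModSecurity 2.x not running the operator of a rule whose target variable does not exist, which is why the skip guard needs the score initialised first, or a count check on the variable instead.

```apache
# Constructed sketch. Ids 9000001-9000005 are placeholders, not CRS rule ids.

# 1. Initialise the score so TX:PM_XSS_SCORE always exists in phase 2
#    (the fix proposed in the post, with an id added).
SecAction "phase:2,id:'9000001',t:none,pass,nolog,setvar:tx.pm_xss_score=0"

# 2. Cheap prefilter: a keyword hit raises the score.
#    The keyword list here is illustrative, not the CRS list.
SecRule ARGS|ARGS_NAMES "@pm script javascript" \
    "phase:2,id:'9000002',t:none,t:lowercase,pass,nolog,setvar:tx.pm_xss_score=+1"

# 3. Skip guard: with the score initialised, "@eq 0" is evaluated and the
#    expensive rules are skipped when the prefilter found nothing.
SecRule TX:PM_XSS_SCORE "@eq 0" \
    "phase:2,id:'9000003',t:none,pass,nolog,skipAfter:END_XSS_CHECK"

# 3b. Count-based guard: &TX:PM_XSS_SCORE is the number of matching
#     variables, so it is 0 when the score was never set. It still
#     matches if the SecAction in step 1 is missing.
SecRule &TX:PM_XSS_SCORE "@eq 0" \
    "phase:2,id:'9000004',t:none,pass,nolog,skipAfter:END_XSS_CHECK"

# 4. Stand-in for the deeper, more expensive XSS rules.
SecRule ARGS "@rx <script" \
    "phase:2,id:'9000005',t:none,t:lowercase,block,msg:'Constructed deep XSS check'"

SecMarker END_XSS_CHECK
```

Without step 1 or step 3b, the guard in step 3 never matches and every request falls through to the deep rules, so the symptom is extra processing cost rather than missed detections.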