Hi, I am interested to know how other modsecurity CRS users handle json requests? Since there is no processor for JSON to break it down into ARGS, the JSON is compared as one long string which causes a lot of false positives for SQLi, etc. My approach so far has been to disable the CRS rules that cause false positives on JSON. Has anyone tried luajson or a json schema library to do validation?
thanks
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
