On 2/14/13 5:20 AM, "Anders Kvist" <and...@kvistmail.dk> wrote:
>Hi
>
>I've seen some false positives with the rules mentioned in the subject...
>
>They match for SQL keywords with the @contains operator and not the
>@containsWord operator and therefore we see some false positives. I've
>done some tests where I use @containsWord instead and it seems to work
>and it still blocks if the words are preset...
>
>For example, I see a username, "havingfun", which matches "having"
>because of @contains...
>
>Does anyone know why the rules uses @contains and not @containsWord?
Good recommendation. I just updated the GitHub repo and changed many of
those rules to use @containsWord instead.
-Ryan
>
>
>/Anders
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set@lists.owasp.org
>https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
________________________________
This transmission may contain information that is privileged, confidential,
and/or exempt from disclosure under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution,
or use of the information contained herein (including any reliance thereon) is
STRICTLY PROHIBITED. If you received this transmission in error, please
immediately contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format.
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
