The following in ARGS: is being identified as SQL Injection:
TAOP01U10RhvxuuKxxempg01U10monamzy1

Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(\"|'|`|\xc2\xb4|\xe2\x80\x99|\xe2\x80\x98)\\s*(x?or|div|like|between|and)\\s*(\"|'|`|\xc2\xb4|\xe2\x80\x99|\xe2\x80\x98)?\\d)|(?:\\\\x(?:23|27|3d))|(?:^.?(\"|'|`|\xc2\xb4|\xe2\x80\x99|\xe2\x80\x98)$)|(?:(?:^[(\"|'|`|\xc2\xb4|\xe2\x80\x99|\xe2\x ..." at ARGS:TAOP01U10RhvxuuKxxempg01U10monamzy1. [file "/usr/local/apache2/conf/extra/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"] [line "565"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "7 Andr"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQLI"] [tag "WEB_ATTACK/ID"] [tag "WEB_ATTACK/LFI"]

I am seeing a large number of these from different IP addresses.

Any thoughts?

-=Steve



_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
