Re: [Owasp-modsecurity-core-rule-set] false positives in textarea inputs

Josh Amishav-Zlatin Tue, 06 Aug 2013 13:28:29 -0700

On Tue, Aug 6, 2013 at 10:44 PM, Ben WIlliams <
benwilliams+ow...@joobworld.com> wrote:


> A textarea input is triggering an inbound anomaly score of 26 due to
> newline chars - \x0d\x0a\x0d\x0a
>
> All the rules triggered are SQLi rules except for one (960024). Would this
> be the best workaround?
>
> SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" "!ARGS:input_11"
> SecRuleUpdateTargetById 960024 "!ARGS:input_11"
>
>
Hi Ben,

That looks good. Just make sure to include those rules after the other
rules are created, e.g. in the 48 file.

--
 - Josh

_______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Re: [Owasp-modsecurity-core-rule-set] false positives in textarea inputs

Reply via email to