I am trying to understand what part of the data set in the "GET" is triggering
rule 960911 to trigger.
The "Match" section is listed.
Thank you.
403|HTTP/1.1 403 Forbidden|Action: Intercepted (phase 1)|Message: Access denied
with code 403 (phase 1). Match of
"rx
^(?:(?:[a-z]{3,10}\\s+(?:\\w{3,7}?://[\\w\\-\\./]*(?::\\d+)?)?/[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?|connect
(?:\\d{1,3}\\.){3}\\d{1,3}\\.?(?::\\d+)?|options \\*)\\s+[\\w\\./]+|get
/[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?)$" against
"REQUEST_LINE" required. [file
"/usr/local/apache2/conf/extra/modsecurity/modsecurity_crs_20_protocol_violations.conf"]
[line "37"] [id "960911"] [rev "2.2.3"] [msg "Invalid HTTP Request Line"] [data
"GET
/ci20/index.jsp?INDEX=0&PS=CA&postingToApply=8338773&POSTINGID=8338773&PT=12383
- Staff Assistant III, Section 391 Business
Administration&APPLICATIONNAME=jplCA&SEQ=jobDetails&PID=8338773&BOARD_ID=Compliance_H2H&LOCALE=en_U
HTTP/1.1"]
--
Stephen Canell
IT Security Engineer 4, EBIS Security
Enterprise Business Information Services
EBIS Security - 1734
Jet Propulsion Laboratory
4800 Oak Grove Drive
Pasadena, California 91109
Phone: 818-354-1731
Procrastination is the thief of time!
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
