Thanks for your great answer Josh! Indeed, in my case we are a limited and cohesive team of editors, most of whom only have basic content editing permissions. That, along with Drupal's "special form tokens", renders the CSRF threat minimal. Unfortunately, the main work location has a dynamic IP, so even a VPN wouldn't allow for source IP filtering. I'll disable the specific SQL injection rules that are problematic for those particular URLs, keeping it as targeted as possible.
Thanks again =)
Ramy

> Hi Ramy,
>
> From my perspective the question comes down to trust. If you completely trust the users with administrative rights and are not concerned with CSRF attacks you can safely disable those rules. Another approach is to disable those rules based on a source IP or secret token in the user-agent string.
>
> --
> - Josh

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
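A targeted exclusion of the kind discussed in this thread, as an added configuration example that is not from either poster: instead of switching the CRS SQL injection rules off site-wide, a phase 1 rule removes them only for the Drupal node add/edit URLs and only for the rich-text body parameter. The URL pattern, the rule ids (942100, 942190) and the `ARGS:/^body/` selector are assumptions for illustration; take the real ids and parameter names from the ModSecurity audit log entries that triggered.

```apache
# Added example (not from the original thread). Scope the CRS SQLi rule
# exclusions to the Drupal node editor instead of disabling the rules.
# Assumptions: CRS 3.x rule ids 942100 and 942190 are the ones firing, and
# the editor posts its content in parameters whose names start with "body".
# Must run in phase 1 so the ctl actions apply before the phase 2 CRS rules.
SecRule REQUEST_URI "@rx ^/node/(add|[0-9]+/edit)" \
    "id:10001,phase:1,pass,nolog,\
    ctl:ruleRemoveTargetById=942100;ARGS:/^body/,\
    ctl:ruleRemoveTargetById=942190;ARGS:/^body/"

# Everything else on those URLs (other parameters, headers, cookies) and every
# other URL on the site is still inspected by the full rule set, and editor
# requests that hit other SQLi rules still show up in the audit log.
```

Keep the exclusion rule ids above 10000 or in another range that cannot collide with the CRS ids, and review the audit log again after deploying it so that only the intended parameter stops alerting.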