Hello, I posted following issue on Github
https://github.com/SpiderLabs/ModSecurity/issues/684#issuecomment-38191745 *Hi,* *We are suffering an issue related to POST inspection. We are running modsecurity 2.7.7 on apache 2.5.3 Backend application is running on Jetty 2.9. The application presents a login form to the end user. When filling in the login fields with crafted data, like sql strings, the call is accepted and sent to the backend application. But adding sql strings in the URL blocks the call. Backend application is at risk as modsecurity is the only security control in place. I've been suggested to enable SecStreamInBodyInspection, but it doesn't work. Any help is welcome.* *Kind regards*, However I have no comment and our issue is still there. Any help will be welcome Kind regards, Jean-Raymond
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
