Hello all,
I have lots of Joomla websites and I've just installed mod_security with Owasp-modsecurity-core-rule-set. I had to disable the modsecurity_crs_41_xss_attacks.conf and modsecurity_crs_41_sql_injection_attacks.conf rules because I could not edit any article. Whenever I tried to save the article I would get a 403 forbidden. I watched the audit log file and I've tried to comment out rule by rule that fails, but as we are editing HTML content there are so many rules to comment that I believe there must some way else to do it. On another case, I've enabled the modsecurity_crs_11_slow_dos_protection.conf rules, but I've tested the site with http://www.acunetix.com/ and it still reports the site as vulnerable to "Slow HTTP Denial of Service Attack". Can someone please help? Thank you Rogerio Brito
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
