Good afternoon group, I've come across an issue in which at times some of the SecAuditLogParts are duplicate in my audit.log. For example:
*--05761b09-C-- Here is some request body data -- --05761b09-C-- * *alendar-set.js"></scrip<html> <head> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-▒WL< ZL<LMTHa Co▒WL<@ZL<PMOCcripXL<`ZL<EWOLpt1.2"> <!-- String.prototype.endsWith = function(str) --* Typically the 2nd C field contains improperly encoded characters as well. Is this expected behavior? Under what circumstances would this behavior present itself? Running ModSecurity for Apache V2.9
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
