Hello,

Like the previous post on 950907 / 932100, this is controversial because of possible false positives due to a data file with strings:

https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.0.0-rc1/rules/php-function-names.data
https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.0.0-rc1/rules/php-config-directives.data

Could these files be split in the manner explained in the message before? After all, this rule scans input against strings like dl, eval, exec, from, precision.

Outside of that, there is something I do not quite grasp: Why are the strings in https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.0.0-rc1/rules/php-function-names.data listed between slashes (this is not the case with the other data files)? Examples:

...
/ereg/
/eregi/
/error_log/
/eval/
/event_buffer_new/
...

What do you think?

Christian

--
mailto:christian.fol...@netnea.com
http://www.christian-folini.ch
twitter: @ChrFolini