Hi there, We have an open issue with weak ldap injection rules:
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/276 A user reported this and proposed a fairly complex regex to counter this. I fear for a high number of false positives and we will have to test this throughly. I try and get this sort out. However, it would not hurt to have somebody with real ldap knowledge to support this (the said user is a bit monosyllabic with his responses...). So if anybody could help me with this, it would be very nice. Ahoj, Christian -- Reserve your right to think, for even to think wrongly is better than not to think at all. --- Hypatia of Alexandria, around 400 AD _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
