On Mon, May 16, 2016 at 06:09:19PM +0000, Colin MacAllister wrote: > Thanks, Christian. But which client are you referring to? Not my Firefox > browser? It's my IIS server which is receiving the post -- do you mean that > might be buggy?
Client as in browser, or plugin in the browser, or javascript mistreating the request before it is being sent. Remove ModSec out of the chain and then you know if ModSec-IIS has a bug, or if something else is amiss. I would not rule out ModSec-IIS. I am sure it's not ModSec generally or a lot of sites would not work anymore. But ModSec-IIS is less used, so maybe. Ahoj, Christian -- Pleasure is very seldom found where it is sought; our brightest blazes of gladness are commonly kindled by unexpected sparks. --- Samuel Johnson _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
