> On 05 Sep 2016, at 21:23, Ken Brucker <k...@pumastudios.com> wrote:
>
> I see a variety of false positives with WordPress and CRS v3.0.
>
> In light of Issue 527 <https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/527> (Policy for handling app specific FPs) should I be filing a github issue for each of them that I've seen? There are a number of easy to create FPs when creating post content that include example code, sql statements, embedded URLs, etc.

I definitely want to address WordPress false positives in RC2.

We still have to think a bit about the scope. Most WordPress plugins will probably be out of scope since there are so many obscure ones, and also there are many concerns about their code quality (ubiquitous XSS and SQLi are the norm sadly). But WordPress core functions for editing post content should be supported without problem.

Your information will be very helpful. If you could create GitHub issues for your false positives, we’ll review them and if reasonably possible fix them in RC2.

--
Walter Hop | PGP key: https://lifeforms.nl/pgp

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set