Christian, I'll think about how to collect details. There's various classes of problems, some with core WP and others that are theme or plugin specific.
Some default handling will be better than none to improve the out of box integration of WP with modsecurity. -- Ken > On Sep 5, 2016, at 1:10 PM, Christian Folini <christian.fol...@netnea.com> > wrote: > > Ken, > > Yes, there must be a few around. Maybe a systematic approach would be > appropriate here. Maybe open an issue and list them within, grouped > by some useful criteria. > > Also depends a bit on the amount of work you are willing to invest. > > Ahoj, > > Christian > > > > On Mon, Sep 05, 2016 at 12:23:44PM -0700, Ken Brucker wrote: >> I see a variety of false positives with WordPress and CRS v3.0. >> >> In light of Issue 527 >> <https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/527> (Policy for >> handling app specific FPs) should I be filing a github issue for each of >> them that I've seen? There are a number of easy to create FPs when creating >> post content that include example code, sql statements, embedded URLs, etc. >> >> -- Ken > >> _______________________________________________ >> Owasp-modsecurity-core-rule-set mailing list >> Owasp-modsecurity-core-rule-set@lists.owasp.org >> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > mailto:christian.fol...@netnea.com > twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
