Thanks Christian, and your tutorials are very helpful.

On Tuesday, 15 November 2016 20:40 Christian Folini <christian.fol...@netnea.com> wrote:
> Kamil,
>
> Thanks for reporting.
>
> You are facing the following alerts:
>
> 920300 REQUEST_HEADERS:User-Agent Request Missing an Accept Header
> 920300 REQUEST_HEADERS:User-Agent Request Missing an Accept Header
> 942260 REQUEST_COOKIES:OutlookSession Detects basic SQL auth bypass
> 942260 REQUEST_COOKIES:OutlookSession Detects basic SQL auth bypass
>
> 920300 is usually legitimate and likely points to a client not sending
> the accept header like it should. This is a widespread misbehaviour.
> That is why we pushed the rule to paranoia level 2. You are apparently
> running PL2 or higher. You should thus tune this alert away via a rule
> exclusion.
>
> The 942260 is likely also legitimate. It's just that your poor client
> has a session cookie smelling of SQL authentication bypass. You
> should exclude the said cookie from the list of parameters examined
> by 942260.
>
> My tutorials at https://www.netnea.com/cms/apache-tutorials give
> you detailed step by step instructions how to do this.
>
> Best,
>
> Christian
>
>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
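
The two rule exclusions described in the quoted reply, written as ModSecurity directives. This is an added example and not part of the original e-mails; the rule IDs and the cookie name come from the alerts quoted above, and the Include path is an assumption.

```apache
# Added example. The Include path below is an assumption; use the path
# where your Core Rule Set rule files are actually installed.
# Both exclusions are configure-time directives, so they must appear
# AFTER the CRS rules have been loaded. Placed earlier, the rule IDs
# they reference are not defined yet.
Include /etc/apache2/crs/rules/*.conf

# 920300 (Request Missing an Accept Header, paranoia level 2):
# remove the rule for this server or VirtualHost.
SecRuleRemoveById 920300

# 942260 (Detects basic SQL auth bypass): the rule stays active for all
# other parameters, only the OutlookSession cookie is no longer inspected.
SecRuleUpdateTargetById 942260 "!REQUEST_COOKIES:OutlookSession"
```

Excluding only the cookie as a target keeps 942260 in force for every other cookie, argument and header it examines, which is narrower than removing the rule outright.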