I also tried it and got an Inbound Anomaly Score of 15.

On 01/16/2017 02:08 AM, Muenz, Michael wrote:
On 15.01.2017 at 19:11, Géza Búza wrote:
Hi all,

I'm new to ModSecurity and wanted to try it out by installing Nginx 1.10.2, latest ModSecurity (master branch), with latest CRS (v3.0/master branch).

With the default settings on, I tried to send an attack request and expected to see it blocked.
So I sent the request below to the demo application
GET http://172.17.0.1/?param=";><script>alert(1);</script>
and it responded with 200 OK (which is okay since it's in detection only mode by default), but I expected to see the error "Inbound Anomaly Score Exceeded (Total Score: 5)" in the audit log. There is no such message, but other rules have triggered as I expected.
I attached the complete log of the HTTP GET request.

Could you give me guidance on what I am missing?
Hi,

I've tested it on my installation with ?param="><script>alert(1);</script> and I'm hitting 19 rules, so there's an error somewhere in your configuration.

Michael


_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
