On 07/31/2017 10:59 AM, Chaim Sanders wrote:
> The next rule you have highlighted is 920270. This indicates that a null byte was passed to a cookie. Null bytes are used in various attacks but are almost always avoided by legit applications. This rule can be found here: https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/e4e0497be4d598cce0e0a8fef20d1f1e5578c8d0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf#L564
I would very much like to see the audit log entry for the 920270 hit.

Ed Greenberg
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set