Hi, I'd like to run the SQLi checks on only the one parameter on my site that is vulnerable to those attacks.
I was wondering if there's a pattern to do this, or if I need to copy the rules from REQUEST-942-APPLICATION-ATTACK-SQLI.conf into my own file, and change the variables to my ARGS:ParamName? I tried doing this, to disable the rules, and then re-enable for just my param, but that didn't work: SecRuleUpdateTargetByID 942000-942999 "!REQUEST_COOKIES" SecRuleUpdateTargetByID 942000-942999 "!REQUEST_COOKIES_NAMES" SecRuleUpdateTargetByID 942000-942999 "!ARGS_NAMES" SecRuleUpdateTargetByID 942000-942999 "!ARGS" SecRuleUpdateTargetByID 942000-942999 "!XML" SecRuleUpdateTargetByID 942000-942999 "ARGS:SearchTerm" Many thanks! Kirk
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
