Hey Jeff,

Could you raise your SecDebugLogLevel to 9 and then post your payload and select that part of the debug log that handles the rule 942100?

Also: Said libinjection rule does not work on the raw request body (your post implies this somehow). But it only works on argument names and argument values.

Best,

Christian

On Tue, Oct 17, 2017 at 12:20:40PM -0700, Jeff Liu wrote:
> Dear CRS leaders,
>
> I am trying to test the latest version of rule set (version 3) with
> modsecurity to detect SQLi injection. I find that the CRS is able to
> correctly detect SQLi attacks in request headers (HTTP GET), while it's
> not able to detect any SQLi attacks in the request body (HTTP POST) even
> for the most simple ones such as "or 1=1--".
>
> I checked some online solutions and already set the SecRequestBodyAccess
> On but it still doesn't work.
>
> Could anyone help me with it? Thanks in advance!
>
> Regards,
> Tianyu
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

--
ModSecurity courses Oct 2017 in London and Zurich
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:christian.fol...@netnea.com
twitter: @ChrFolini