Thanks to those how did some testing and provided feedback. I have made a bug fix release v2.1.1 -
-------------------------- Version 2.1.1 - 12/30/2010 -------------------------- Bug Fixes: - Updated the 10 config conf file to add in pass action to User-Agent rule - Updated the CSRF ruleset to conditionally do content injection - if the csrf token was created by the session hijacking conf file - Updated the session hijacking conf file to only enforce rules if a SessionID Cookie was submitted - Fixed macro expansion setvar bug in the restricted file extension rule - Moved the comment spam data file into the optional_rules directory https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURREN T/
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
