On 1/25/11 10:57 AM, "Josh Gee" <[email protected]> wrote:
>This SQL Injection rule is causing me serious headaches. It has a lot
>of false positives, and it always matches twice, once with the case it
>finds, and once after it lower-cases the values. This makes it very
>hard to write an exception for.
>
>It seems to be so crude as to match the word "and" in just about any
>context that includes white space. It matches in filenames (which is
>not too bad), URLs, and even standard HTML form values.
>
>For now I've commented it out completely because in Anomaly Scoring mode
>I couldn't manage to write an exception that would turn it off.
>
>Any ideas for a better solution?

Josh,

Could you send an audit log entry of a false positive match? It would help with an exception.

-Ryan

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
