Hello, I'm very new to mod_security - installed it on one of my server a couple of days ago along with core rules 2.2.1.
I had to create a couple of exceptions as some common Slovene words contain strings that trigger some SQL injection rules. For example - the word 'slike' (meaning 'pictures') obviously contains 'like' which triggers one or more of the rules in modsecurity_crs_41_sql_injection_attacks.conf. Anyway, I also noticed that Google Analytics cookie __utmz often triggers these rules as it sometimes (quite often, actually) contains things like 'n=(n' - for example: __utmz=42207527.1312789542.1.1.utmgclid=CIvzq5Gav6oCFZQm3wodY1mF5w|utmccn=(not+set)|utmcmd=(not+set) What's a recommended practice to handle thinks like that? Danilo _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
