Hello, the third-to-last branch in rule 981245 in modsecurity_crs_41_sql_injection_attacks.conf matches things like "©somename.jpg". Is that intended? It doesn't look much like an SQL injection to me and names like these unfortunately occur quite frequently on our servers. I can of course modify the rule, but maybe it is just too overeager.
Greetings, Daniel. PS: Which version do we use? modsec_audit.log says: Producer: ModSecurity for Apache/2.6.8 (http://www.modsecurity.org/); OWASP_CRS/2.2.5. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set