Hi, all,

As I fine-tune my CMS not to bark at me for valid traffic, I’ve come upon the following problem. When a rule matches (in anomaly scoring mode, haven’t tested the other way), sometimes part of the value of the argument will come through as the argument name, not the name itself, in this case, “Blurb.”

ARGS_NAMES:rc is knowledgeable, experienced, empathetic, and kind… [followed by a chunk of the rest of the arg value]

I checked it in the inspector, and indeed the ARG_NAME should be “Blurb”. As it is coming through, of course, it is impossible to check for, as it is variable. It might be possible to whitelist the last part of the URL path, but I’d rather not. Have I found a bug? See the snippet from the audit log I attached to this email.
