Hi there,

This is odd, I agree. I am personally not much into NginX, but I take it, rule 949110 should be present.

Could you please set the debug log level to 9 and repeat the request. Then look for 949110 in the debug log and maybe send that piece of the log (remember to return to a reasonable loglevel afterwards, or the file will grow like mad quickly).

Ahoj,

Christian

On Sun, Jan 15, 2017 at 06:11:51PM +0000, Géza Búza wrote:
> Hi all,
>
> I'm new to ModSecurity and wanted to try it out by installing Nginx 1.10.2,
> latest ModSecurity (master branch), with latest CRS (v3.0/master branch).
>
> With the default settings on, I tried to send an attack request and
> expected to see it blocked.
> So I sent the request below to the demo application
> GET http://172.17.0.1/?param="><script>alert(1);</script>
> and it responded with 200 OK (which is okay since it's in detection only
> mode by default),
> but I expected to see the error "Inbound Anomaly Score Exceeded (Total
> Score: 5)" in the audit log. There is no such message, but other rules have
> triggered as I expected.
> I attached the complete log of the HTTP GET request.
>
> Could you give me guidance on what I am missing?
> --
> Best regards,
> Búza Géza

> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

--
https://www.feistyduck.com/training/modsecurity-training-course
mailto:christian.fol...@netnea.com
twitter: @ChrFolini