Hi to all
> > > just updated a Centos 7.4 to mod_security_crs 2.2.9 and mod_security > 2.7.3-5. In the > /etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_48_local_exceptions.conf > file I have a rule like this that worked in earlier versions but no longer. > > Any idea ? > > Thank you very much > > SecRule TX:'/^981172.*/' "@rx .*" "chain,phase:2,t:none,nolog, > noauditlog,pass,msg:'WHITELISTING %{rule.id}: Allowed false positive > %{TX:0}',severity:'6',id:450010" > > SecRule REQUEST_COOKIES:'/^(Mycookie1|Mycookie2|Mycookie3|Mycookie4)/' > "!^$" "t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-20" > > > > Log > > > > --9d781c6e-H-- > > Message: Warning. Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\* > \\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\ > x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){8,}" at REQUEST_COOKIES:Mycookie1. > [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_ > crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] > [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special > characters exceeded"] [data "Matched Data: + found within > REQUEST_COOKIES:Mycookie1: ve11n8OdWASErRyEZrw+29j8ihH2+ > RlST465bWRDDityPELrC/mXxSDAELEf1CSGT+knYFgt/3EWotqMvcFBiLlX0YDfDNxEnZ32pBz > sp3B+45oPGeOc/lx16tGOY8Q+u1sfbcVEzHeNIpebO3DephHXQ3fz0v > 66Qh2Qc5umtNSPP4p4pVd7C3gxxuspE4wWJlN7uF2iwVxkm+ > VN1W6wRt4USriw9aQQX0Csz1wKQdMlK5nv/S+uK+QBA7OdVsfOK7BXVrrXkLo7J9GS9oGY > rnrkzNZ5rzOZRyllaqYRVV2pnm0qrdEq0Fiont4Z2+iHYEpnSuQRJpGi+mAL+ > FMnI1TNOlxIAzOgwV0ENaKXOgyQe3JVHStFc5cVVCptTtkL"] [ver "OWASP_CRS/2.2.9"] > [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] > > Apache-Handler: proxy-server > > Stopwatch: 1508316101057039 22395601 (- - -) > > Stopwatch2: 1508316101057039 22395601; combined=49089, p1=638, p2=48093, > p3=3, p4=98, p5=177, sr=141, sw=80, l=0, gc=0 > > Response-Body-Transformed: Dechunked > > Producer: ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/); > OWASP_CRS/2.2.9. > > Server: Apache > > Engine-Mode: "ENABLED" >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set