Hey Silvan, Thank you for reporting.
Could you send the full payload / request. Ideally as a curl command, so we can reproduce. It could be that you are up to something here. Best, Christian On Tue, Sep 11, 2018 at 02:07:11PM +0200, Silvan Nagl wrote: > Hi, > > maybe i am wrong but it seams like the match for id:942130 "SQL > Tautology" is cutting of to early. > > Matched Data: h=H found within ARGS:p: protokolle.git;a=commitdiff;h=HEAD > > instead of comparing "h" and "HEAD" in this example it just compares the > beginning of HEAD which leads to a FP. > > Regards, > > Silvan > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set