Hi, We have a secrule like this : 'SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "(fromcharcode|alert|eval)\s*\(" \ "phase:2,rev:'2.0.10',id:'973307',capture,t:none,t:htmlEntityDecode,t:jsDecode,t:lowercase,pass,nolog,auditlog,msg:'XSS Attack Detected',logdata:'%{TX.0}',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{ rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}"'
When user supplies url like this : <hostname>?param1=test%27,alert(document.cookie),%27test¶m2 Its not being blocked. Please suggest -- Thanks, Venki
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set