Christian Folini

Results 509 comments of Christian Folini

Thank you very much for your report @landergate. This is an upstream problem but very glad you reported. I am going to forward this to the libinjection maintainer asap.

You suspected correctly, @lifeforms. Here is my reduced rule to trigger this FP:

```
Minimal Rule:

SecRule ARGS:login "@detectSQLi" \
    "msg:'SQL Injection Attack Detected via libinjection',\
    id:942100,\
    phase:request,\
    deny,\
    t:none,t:utf8toUnicode,t:urlDecodeUni"
...
```

Yes, looks a bit simplistic. Bad implementation in ModSec?

@landergate: This does not look like a quick fix and I think there is no way around disabling the rule for the login parameter for the time being. Of...

Decision during the CRS project chat on March 2, 2020: @dune73 will get in touch with the libinjection project to try and get things moving again. https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1683#issuecomment-593584538

Reporting on an email conversation:

### Message by @lifeforms

```
I investigated a request that was blocked in CRS2 and passed in CRS3. It seems to be an open proxy...
```

I do like the elegance of `"!@beginsWith /"`.

I agree on 3.1(.0).

On Tue, Nov 01, 2016 at 09:37:57AM -0700, Chaim Sanders wrote:
> 3.1 or 3.0.1, I guess 3.1 since it's a new feature.
>
> ##...

I'm all for integrating this into 3.1. Ideally as part of 920 at PL1.

Rather not me, though. Still not bottom in my inbox.