Re: [mod-security-users] False Positives - SQL Injection & SugarCRM
From: Clayton D. <cla...@gm...> - 2008-08-06 15:49:58
Ryan,
I will upgrade ASAP and let you know if we still see the FPs for these rules.

Thanks for the heads up!

CTD

Ryan Barnett wrote:
> > -----Original Message-----
> > From: mod...@li... [mailto:mod...@li...] On Behalf Of Clayton Dillard
> > Sent: Tuesday, August 05, 2008 3:26 PM
> > To: mod...@li...
> > Subject: [mod-security-users] False Positives - SQL Injection & SugarCRM
> >
> > I've read a bit on false positive handling but I need some help
> > determining how the rule should be modified in our case. I have pasted
> > some details regarding the events below. Any help would be much
> > appreciated. It looks like the Cookies and the User-Agent are the cause
> > but I'm not sure what to change.
> >
> > thank you,
>
> A few comments -
>
> 1) I suggest you upgrade Mod - I see you are using 2.5.1 and 2.5.6 was
> just released. There are some issues with caching that we fixed (and can
> cause some problems with rules). I suggest you upgrade if possible.
>
> 2) I also see that you are using v1.6.0 of the Core Rules. We found
> issues with that version of rule set and the current version is 1.6.1.
> In the 1.6.1 version, we actually have the rule that you referenced
> commented out (due to FPs). If you upgrade and still have the same
> problems, let me know.