well,  i was not url_encoding the string before trying on the server. It worked.

Unfortunately I found an error message

Rule execution error - PCRE limits exceeded (-8): (null).

Searching in google I found very old messages (back to 2004?) and some new (in ASL forum) but no conclusive answer of how to solve it and why it was triggered.

When those errors happen what occurs with the request?  Is it allowed or dropped?


On Wed, Oct 27, 2010 at 9:45 AM, Ryan Barnett <RBarnett@trustwave.com> wrote:
On 10/27/10 9:21 AM, "robert mena" <robert.mena@gmail.com> wrote:

> Hi,
>
> Is there a way to test with standard attack vectors to see if mod_security is
> blocking the attemps for (example), sql injection?
>
> I've enabled and tried with www.mysite.com/?u=1 <http://www.mysite.com/?u=1>
> OR 1=1 but no message is logged in /var/log/httpd/error-log
>

What rule set are you using?  When I test your payload against our public
OWASP Core Rule Set (CRS) Demo is triggers SQL Injection alerts -
http://www.modsecurity.org/demo/phpids?test=1+OR+1%3D1

-Ryan