(also work for mail my@email.Com < /etc/shadow)
It is simple not detected in logs!!!
I clearly don t understand why... it should be triggered by the "common attack" rules of the CRS activated rules in my opinion.
I need to do a kind of "virtual patching".
What i want to do would be as fast as possible being able to filter the following caracters il ARGS:
< > ; | `
I tried this without sucess:
SecRule ARGS "(;|\||\`)" "phase:3,t:none,log,deny,id:5000148"