[mod-security-users] Trouble with transformation function
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Trouble with transformation function
|
From: <mj...@te...> - 2012-09-20 21:20:35
|
I have the following being submitted as part of an argument and it is
being alerted on by ModSecurity rules.
"like Aldus PageMaker including versions of Lorem Ipsum.\x0d\x0a\x0d\x0aIt
is a long established fact that a reader will"
Message: Warning. Pattern match "\\W{4,}" at ARGS:content. [file
".../modsecurity_crs_41_sql_injection_attacks.conf"] [line "155"] [id
"960024"] [rev "2.2.4"] [msg "SQL Character Anomaly Detection Alert -
Repetative Non-Word Characters"] [data ".\x0d\x0a\x0d\x0a"]
I have attempted to use the transformation function so the alert does not
fire on the encoded text, but it is not working. Here is the rule I am
using:
SecRule ARGS "content" "t:none,t:urlDecode,t:escapeSeqDecode"
Any direction would be greatly appreciated!
Thanks
|
