I posted following issue on Github
*We are suffering an issue related to POST inspection. We are running
modsecurity 2.7.7 on apache 2.5.3 Backend application is running on Jetty
2.9. The application presents a login form to the end user. When filling in
the login fields with crafted data, like sql strings, the call is accepted
and sent to the backend application. But adding sql strings in the URL
blocks the call. Backend application is at risk as modsecurity is the only
security control in place. I've been suggested to enable
SecStreamInBodyInspection, but it doesn't work. Any help is welcome.*
However I have no comment and our issue is still there.
Any help will be welcome
Get latest updates about Open Source Projects, Conferences and News.