Closed remotehelp closed 11 years ago
Yes, these are all false positives. Thanks for providing the audit log as that helps to fix. The generic SQLi meta-char rules seems to be too high a FP to be of value in production. It was added previously due to some evasions but it triggers too often on non-malicious stuff.
I would recommend you use SecRuleRemoveById 981173
If get some pages in joomla 1.5 CMS on remoteshaman.com site mod_security false alarm as test mode "SecRuleEngine DetectionOnly":
almost all requests to the site pages mod_setsurity mistaken as an attack;((
where is ([data "Matched Data: ;id found within ARGS_NAMES:amp;id: amp;id"]) the "System Command Injection"?;(