client9 / libinjection

SQL / SQLI tokenizer parser analyzer

False Positive for SQLi #120

Open andywgrant opened 7 years ago

andywgrant commented 7 years ago

My ModSecurity logs are reporting a detection by libinjection that is clearly a false positive (even its matched data seems a little bizarre).

[msg "SQL Injection Attack Detected via libinjection"][data "Matched Data: novc found within ARGS:username: a!@#"]

jptosso commented 7 years ago

For now just create an exception.

SecRuleUpdateTargetById <RULE ID TRIGGERED> "!ARGS:username"

That will disable the rule validation for the parameter.