[Modsecurity] False positive phpMyAdmin
Mike Cardwell
modsecurity at blubbernet.com
Fri Apr 21 04:34:23 EDT 2006
* on the Thu, Apr 20, 2006 at 08:04:59PM +0200, Havard Hebnes wrote:
> Got this false positive while using phpMyAdmin (latest release)
[snip false positive report]
This exclude rule should work:
<LocationMatch "/tbl_change.php">
SecFilterRemove 300016
</LocationMatch>
That removes rule id 300016 from being used when the uri contains
"/tbl_change.php". 300016 is a general SQL injection attack rule which
obviously causes problems for tools like phpmyadmin.
Exclude rules should be loaded before the rest of your rules in order to
work.
--
Digital photo printing: http://www.fotoserve.com/
More information about the Modsecurity
mailing list