[Modsecurity] special phpBB false positive
Gerard Earley
gerard at whitecurve.com
Wed Oct 4 04:21:50 EDT 2006
I'm getting a lots of false positives with users posting to phpBB from
rule 300016, which is the generic SQL injection rule. The real problem
is that the clients company name has the word "union" in it.
Is there a way to check the whether the a particular word is used with
union and if its there to NOT trigger the rule.
For example
"blah blah blah union blah blah blah"
would trigger the rule but
"blah blah blah keyword union blah blah blah"
would not.
Any hints?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3303 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.gotroot.com/pipermail/modsecurity/attachments/20061004/c6e2ba9f/smime.bin
More information about the Modsecurity
mailing list