[Modsecurity] special phpBB false positive

Michael Shinn mike at gotroot.com
Mon Oct 9 11:43:07 EDT 2006


Thanks for the report, and sorry to hear that you are having problems. 
Would it be possible to look at your audit_log entries for these
events?  If so, I could put together an exclusion to prevent this false
positive.

Gerard Earley wrote:
> I'm getting a lot of false positives with users posting to phpBB from
> rule 300016, which is the generic SQL injection rule. The real problem
> is that the client's company name has the word "union" in it.
>
> Is there a way to check whether a particular word is used with
> union and, if it's there, to NOT trigger the rule?
>
> For example
> "blah blah blah union blah blah blah"
> would trigger the rule but
> "blah blah blah keyword union blah blah blah"
> would not.
>
> Any hints?


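A sketch of the check asked about above, as an added example that is not part of the original thread or of the gotroot rule set: it compares a naive "skip union after the keyword" exemption with a narrower one that still fires when SQL follows the exempted phrase. The body of rule 300016 is not shown in the thread, so `\bunion\b` is an assumed stand-in for it, `keyword` is the placeholder word from the post, and the sample strings are constructed.

```python
import re

# Placeholder word from the post; in practice, the word that precedes
# "union" in the client's company name (assumption: one space between them).
ALLOWED_PREFIX = re.escape("keyword")

# Assumed stand-in for the "union" part of rule 300016 (real rule not shown).
GENERIC = re.compile(r"\bunion\b", re.I)

# Naive exemption: never match "union" directly after the allowed word.
NAIVE = re.compile(rf"(?<!\b{ALLOWED_PREFIX} )\bunion\b", re.I)

# Narrower exemption: skip "<word> union" only when it is not followed by
# [ALL] SELECT, allowing any run of non-word characters between the tokens.
NARROW = re.compile(
    rf"\bunion\b(?:(?<!\b{ALLOWED_PREFIX} union)"
    rf"|(?=[\W_]*(?:all[\W_]*)?select\b))",
    re.I,
)


def verdicts(text):
    """Return (generic, naive, narrow); True means the rule would fire."""
    return tuple(bool(p.search(text)) for p in (GENERIC, NAIVE, NARROW))


# Constructed samples: the two strings from the post, plus one where SQL
# follows the exempted phrase (the naive exemption misses it).
SAMPLES = [
    "blah blah blah union blah blah blah",
    "blah blah blah keyword union blah blah blah",
    "blah keyword union select password from users",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdicts(sample), sample)
```
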
