[Owasp-modsecurity-core-rule-set] (2.0.7) syntax problem in ..._41_phpids_filters.conf

Jamuse jamuse at gmail.com
Thu Jul 8 04:44:03 EDT 2010


On Thu, Jul 8, 2010 at 11:11 AM, Achim Hoffmann <webappsec at securenet.de> wrote:

> in the rules in base_rules/modsecurity_crs_41_phpids_filters.conf we read:
>
>        SecRule ..... "phase:2, ... ,setvar:%{tx.critical_anomaly_score}, ... "
>
> which results in a Warning message when matched.
> I assume that it should be:
>
>        SecRule ..... "phase:2, ... ,setvar:tx.anomaly_score+=%{tx.critical_anomaly_score} ... "
>

Correct, there are a lot of these actually. See:

https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2010-June/000398.html

- J


>
> Achim
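A check for the malformed action discussed in this thread, added here as an example (it is not code from the list or from the CRS project): it folds backslash continuations, splits each SecRule/SecAction action list, and reports `setvar` actions that consist of a macro expansion alone. The sample rules and their ids are constructed; the well-formed sample uses ModSecurity's `name=+value` increment form.

```python
import re

# Constructed sample, not copied from the CRS files: rule 900001 carries the
# malformed action quoted in the thread, rule 900002 a well-formed increment.
SAMPLE_CONF = r'''
SecRule ARGS "@rx demo1" \
    "phase:2,id:'900001',pass,nolog,setvar:'tx.msg=%{rule.msg}',\
    setvar:%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-demo=%{matched_var}"
SecRule ARGS "@rx demo2" \
    "phase:2,id:'900002',pass,nolog,\
    setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}"
'''

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one double-quoted directive argument
BARE_MACRO = re.compile(r'%\{[^}]*\}')         # value that is a single macro only
RULE_ID = re.compile(r"\bid:'?(\d+)")
COMMA = re.compile(r",(?=(?:[^']*'[^']*')*[^']*$)")  # comma outside '...'

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding backslash continuations."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        start = start or no
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1]
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def find_bare_macro_setvar(text):
    """Return [(line_no, rule_id, action)] for macro-only setvar actions."""
    findings = []
    for no, line in logical_lines(text):
        args = QUOTED.findall(line)
        if not args or not line.lstrip().startswith(("SecRule", "SecAction")):
            continue
        rid = RULE_ID.search(args[-1])        # the action list is the last argument
        for act in map(str.strip, COMMA.split(args[-1])):
            if not act.startswith("setvar:"):
                continue
            if BARE_MACRO.fullmatch(act[len("setvar:"):].strip("'")):
                findings.append((no, rid.group(1) if rid else None, act))
    return findings

if __name__ == "__main__":
    for finding in find_bare_macro_setvar(SAMPLE_CONF):
        print(finding)
```

Run over a rules file's contents, it returns the starting line and rule id of each rule to fix; actions that merely use a macro inside a variable name or value are not reported.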