[Owasp-modsecurity-core-rule-set] [JIRA] Resolved: (CORERULES-31) Request Clarification

Brian Rectanus (JIRA) Ryan.Barnett at breach.com
Mon May 17 13:14:10 EDT 2010


     [ https://www.modsecurity.org/tracker/browse/CORERULES-31?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Rectanus resolved CORERULES-31.
-------------------------------------

    Resolution: Duplicate

Duplicate of CORERULES-29

> Request Clarification
> ---------------------
>
>                 Key: CORERULES-31
>                 URL: https://www.modsecurity.org/tracker/browse/CORERULES-31
>             Project: Core Rules
>          Issue Type: Bug
>      Security Level: Normal
>          Components: False positive
>            Reporter: Josiah Ritchie
>            Assignee: Ryan Barnett
>
> A mod security rule is causing problems with Drupal. In the current development version, jquery.cookie.js is being used. This rule is keeping it from being loaded and we would like to know why and if this can't be stopped since it is catching a perfectly legitimate file. The discussion at Drupal can be found here: http://drupal.org/node/522646.
> SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:\b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?:(?:java|vb)script|shell|http)|ivescript)|(?:href|url)\b\W*?\b(?:(?:java|vb)script|shell)|background-image|mocha):|s(?:(?:tyle\b\W*=.*\bexpression\b\W*|ettimeout\b\W*?)\(|rc\b\W*?\b(?:(?:java|vb)script|shell|http):)|a(?:ctivexobject\b|lert\b\W*?\(|sfunction:))|<(?:(?:body\b.*?\b(?:backgroun|onloa)d|input\b.*?\btype\b\W*?\bimage)\b| ?(?:(?:script|meta)\b|iframe)|!\[cdata\[)|(?:\.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|\@import)\b)"

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
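
Added example, not part of the original message or of the Core Rule Set: a small triage helper that splits the quoted rule's pattern into its top-level alternatives and reports which one fires on the Drupal file name, and on what text. Assumptions: the request path /misc/jquery.cookie.js is constructed, the input is lowercased before matching (the quoted SecRule line shows no actions), Python's re stands in for the engine's regex library, and the function names are hypothetical.

```python
import re

# Pattern copied verbatim from the SecRule quoted in the report above.
RULE_PATTERN = r"""(?:\b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?:(?:java|vb)script|shell|http)|ivescript)|(?:href|url)\b\W*?\b(?:(?:java|vb)script|shell)|background-image|mocha):|s(?:(?:tyle\b\W*=.*\bexpression\b\W*|ettimeout\b\W*?)\(|rc\b\W*?\b(?:(?:java|vb)script|shell|http):)|a(?:ctivexobject\b|lert\b\W*?\(|sfunction:))|<(?:(?:body\b.*?\b(?:backgroun|onloa)d|input\b.*?\btype\b\W*?\bimage)\b| ?(?:(?:script|meta)\b|iframe)|!\[cdata\[)|(?:\.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|\@import)\b)"""


def top_level_branches(pattern):
    """Split a pattern wrapped in one outer (?:...) into its top-level alternatives."""
    wrapped = pattern.startswith("(?:") and pattern.endswith(")")
    body = pattern[3:-1] if wrapped else pattern
    branches, depth, start, i, in_class = [], 0, 0, 0, False
    while i < len(body):
        ch = body[i]
        if ch == "\\":          # skip the escaped character, e.g. \( or \[
            i += 2
            continue
        if in_class:            # inside [...] nothing is structural
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "|" and depth == 0:
            branches.append(body[start:i])
            start = i + 1
        i += 1
    branches.append(body[start:])
    return branches


def explain_match(value, pattern=RULE_PATTERN):
    """Return (branch_index, matched_text) for the first branch that fires, else None."""
    value = value.lower()       # assumption: the rule sees lowercased input
    for idx, branch in enumerate(top_level_branches(pattern)):
        hit = re.search(branch, value)
        if hit:
            return idx, hit.group(0)
    return None


if __name__ == "__main__":
    # Constructed request path; only the file name comes from the report.
    print(explain_match("/misc/jquery.cookie.js"))
```

The match comes from the last alternative, which looks for ".cookie" followed by a word boundary, so the literal file name segment is enough to trigger the rule when REQUEST_FILENAME is among the inspected variables.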

        

