[Owasp-modsecurity-core-rule-set] XSS rules - can these be simplified/combined?
rajeevsethi777 at yahoo.com
Wed May 19 04:08:51 EDT 2010
I've noticed that the core rule set comes loaded with several XSS filters. During my testing, I found that many filters from different categories (PHPIDS, IE8, etc.) are hit. So I am wondering if someone has been able to reduce the XSS filters by removing redundant filters?
For example, I think the IE8 XSS rule is always hit whenever I try XSS, so does it mean that if I use ONLY the IE8 XSS filter, I'm covered from XSS attacks? Or, if I use only the PHPIDS XSS filter, will I be missing any potential XSS payloads? I'm hoping to find an "intersection" of all the rules.