[Owasp-modsecurity-core-rule-set] json

Ben WIlliams benwilliams+owasp at joobworld.com
Fri Nov 30 22:31:19 UTC 2012

I am interested to know how other modsecurity CRS users handle json
requests? Since there is no processor for JSON to break it down into ARGS,
the JSON is compared as one long string which causes a lot of false
positives for SQLi, etc.
My approach so far has been to disable the CRS rules that cause false
positives on JSON.
Has anyone tried luajson or a json schema library to do validation?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20121201/714d3956/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list