[Owasp-modsecurity-core-rule-set] Percent signs in urls

Thayyilekandy, Subin : Barclaycard US sthayyilekan at BarclaycardUS.com
Thu Jul 17 18:50:55 UTC 2014

Try this in your custom before file (should execute before the CRS rules are executed)

SecRule ARGS: keyword "@streq 100%" "id:999013,phase:2,t:none,t:lowercase,nolog,pass,ctl:ruleRemoveTargetById=950907; ARGS: keyword "

Note : please replace the rule id with the actual rule id that  is being triggered in this scenario , the above rule id is just an example


Application Security consultant | GISTR
Dryrock, DE | Cube# 4-060
Work: (302) 255-7709 | Cell: (214) 799 - 2769

-----Original Message-----
From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf Of Delia Lunsford
Sent: Thursday, July 17, 2014 2:26 PM
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] Percent signs in urls

I'm sure this has been asked many times before but I am having real difficulty finding an answer to a small problem for me - large problem for a hosting customer.

I primarily host ZenCart websites which has a site search. One customer sells coffee - and he wants his customers to be able to search for "100% kona". That triggers mod security as the search parameters are passed to the url.

The url becomes:

Obviously nothing I've tried can change the trigger - mod security just doesn't like that percent sign mixed into that keyword set.

Is it possible to have exceptions to this rule at all? What do you recommend I do?

Delia Wilson Lunsford
WizTech, Inc., (formerly Delia Wilson Design, LLC.)
Terms and Conditions for working with WizTech, Inc.
Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set at lists.owasp.org



This email and any files transmitted with it may contain confidential and/or proprietary information. It is intended solely for the use of the individual or entity who is the intended recipient. Unauthorized use of this information is prohibited. If you have received this in error, please contact the sender by replying to this message and delete this material from any system it may be on.

More information about the Owasp-modsecurity-core-rule-set mailing list