[Owasp-modsecurity-core-rule-set] Woe with 920270 (Null Byte...) (was: Re: Matched rule modification)

Ervin Hegedüs airween at gmail.com
Mon Jul 10 07:59:03 UTC 2017


Hi Christian,

many thanks for your reply,

On Mon, Jul 10, 2017 at 07:30:29AM +0200, Christian Folini wrote:
> Hey Ervin,
> 
> Like I mentioned last week, we want to come up with a solution to all
> this non-ascii problems with CRS for 3.1. Chaim has explained the
> problem pretty well and unfortunately, this stretches to more rules.
> 
> You manage to run curl and you have servers with non-ascii payloads.
> So you will be an excellent partner when we come up with new rules
> and approaches to this problem. It is likely to take a while, but 
> once we have something to show, testing it on real servers
> is very important.

right, I'm waiting for your result.

Till I can build the Modsecurity with Apache too, and can check -
would it be helpful to you, or not?


Thanks again,


a.



More information about the Owasp-modsecurity-core-rule-set mailing list