[Owasp-modsecurity-core-rule-set] Woe with 920270 (Null Byte...) (was: Re: Matched rule modification)

Christian Folini christian.folini at netnea.com
Mon Jul 10 08:08:24 UTC 2017


Hey Ervin,

It certainly does not hurt to be on the same page.

Cheers,

Christian

On Mon, Jul 10, 2017 at 09:59:03AM +0200, Ervin Hegedüs wrote:
> Hi Christian,
> 
> many thanks for your reply,
> 
> On Mon, Jul 10, 2017 at 07:30:29AM +0200, Christian Folini wrote:
> > Hey Ervin,
> > 
> > Like I mentioned last week, we want to come up with a solution to all
> > this non-ascii problems with CRS for 3.1. Chaim has explained the
> > problem pretty well and unfortunately, this stretches to more rules.
> > 
> > You manage to run curl and you have servers with non-ascii payloads.
> > So you will be an excellent partner when we come up with new rules
> > and approaches to this problem. It is likely to take a while, but 
> > once we have something to show, testing it on real servers
> > is very important.
> 
> right, I'm waiting for your result.
> 
> Till I can build the Modsecurity with Apache too, and can check -
> would it be helpful to you, or not?
> 
> 
> Thanks again,
> 
> 
> a.

-- 
https://www.feistyduck.com/training/modsecurity-training-course
mailto:christian.folini at netnea.com
twitter: @ChrFolini


More information about the Owasp-modsecurity-core-rule-set mailing list