[Owasp-modsecurity-core-rule-set] disable core set rules for a specific php file / finding out a rule number?

Tom tomzamir at gmail.com
Thu Jan 14 00:11:20 EST 2010


Hello

I know this has been asked before, but I am unable to accomplish this task
without breaking Apache.

I am using mod_sec v1.9.5 and owasp 2.0.4.

So I do not mind turning mod_sec off altogether for a specific file in the
site, or just the problematic rule, but I am not even sure how to find out
the rule number; I can't see it in the logs.

What I do see is the false positive:

message: Warning. Operator GE matched 5 at TX:anomaly_score. [file
"/usr/local/apache/conf/modsecurity/base_rules/modsecurity_crs_60_correlation.conf"]
[line "46"] [msg "Transactional Anomaly Score (score 175): IE XSS Filters -
Attack Detected"]

get:/';alert(String.fromCharCode(88,83,83))///';alert(String.fromCharCode(88,83,83))//%22;alert(String.fromCharCode(88,83,83))///%22;alert(String.fromCharCode(88,83,83))//--%3E%3C/SCRIPT%3E%22%3E'%3E%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E
HTTP/1.1

Please help, I have tried everything and searched Google for hours!

Thanks in advance

Tom
-- 
The mind apprehends reality
and hearkens to the call of the senses
but does not shine with its own light. - Patanjali (via A. Villodo)
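
Added example, not part of the original post: a small Python parser for the bracketed [key "value"] tags in ModSecurity log messages, separating entries that carry a rule [id "..."] from summary entries like the correlation message quoted above, which has only [file], [line] and [msg]. The second sample line, its id 999999 and its file path are constructed for illustration, and it is an assumption that individual rule hits are logged with an id tag.

```python
import re

# [key "value"] metadata tags as they appear in ModSecurity log messages.
TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

SAMPLE = [
    # The message from the post, wrapped as in the e-mail.
    '''message: Warning. Operator GE matched 5 at TX:anomaly_score. [file
"/usr/local/apache/conf/modsecurity/base_rules/modsecurity_crs_60_correlation.conf"]
[line "46"] [msg "Transactional Anomaly Score (score 175): IE XSS Filters -
Attack Detected"]''',
    # Constructed entry showing what a message with an id tag looks like.
    'message: Warning. Pattern match at ARGS:q. [file "/etc/example/rules_example.conf"] '
    '[line "10"] [id "999999"] [msg "Constructed example rule"] [tag "EXAMPLE"]',
]

def parse_tags(message):
    """Return tag name -> list of values (a tag such as 'tag' can repeat)."""
    tags = {}
    for key, value in TAG_RE.findall(message):
        tags.setdefault(key, []).append(value)
    return tags

def triage(messages):
    """Split messages into (entries with a rule id, entries without one)."""
    with_id, without_id = [], []
    for raw in messages:
        # Collapse line wraps added by a mail client or pager before matching.
        tags = parse_tags(" ".join(raw.split()))
        entry = {k: tags.get(k, [None])[0] for k in ("id", "file", "line", "msg")}
        (with_id if entry["id"] else without_id).append(entry)
    return with_id, without_id

if __name__ == "__main__":
    hits, summaries = triage(SAMPLE)
    for e in hits:
        print("rule id %s: %s" % (e["id"], e["msg"]))
    for e in summaries:
        # No id logged: file and line still locate the rule that wrote the entry.
        print("no id, see %s line %s: %s" % (e["file"], e["line"], e["msg"]))
```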