[Owasp-modsecurity-core-rule-set] rule bypass

Chris Datfung chris.datfung at gmail.com
Sat Jan 16 17:02:56 EST 2010


I get the following message in section H of a false positive event:

Message: Pattern match "['";=]" at FILES:cvFilename. [file
"/opt/modsecurity/etc/crs/base_rules/modsecurity_crs_20_protocol_violations.conf"]
[line "51"] [msg "Attempted multipart/form-data bypass"] [severity
"CRITICAL"]

That rule does not have a rule id. How do I whitelist this?

Also if I may be so rude, but for the benefit of others and myself, I have a
hard time wrapping my brain around the new whitelisting method in the v2.*
CRS, can you please explain the methodology?

Thank you,

 - Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20100117/bb84f3e5/attachment.html 


More information about the Owasp-modsecurity-core-rule-set mailing list