[Owasp-modsecurity-core-rule-set] rule bypass

Chris Datfung chris.datfung at gmail.com
Sat Jan 16 17:02:56 EST 2010

I get the following message in section H of a false positive event:

Message: Pattern match "['";=]" at FILES:cvFilename. [file
[line "51"] [msg "Attempted multipart/form-data bypass"] [severity

That rule does not have a rule id. How do I whitelist this?

Also if I may be so rude, but for the benefit of others and myself, I have a
hard time wrapping my brain around the new whitelisting method in the v2.*
CRS, can you please explain the methodology?

Thank you,

 - Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20100117/bb84f3e5/attachment.html 

More information about the Owasp-modsecurity-core-rule-set mailing list