[Owasp-modsecurity-core-rule-set] SQL Rules - SQLi Score isn't set properly

Paul Rosenbusch pr at batix.com
Mon Nov 1 13:09:13 EDT 2010


when I simulate SQL-Injection Attacks while using the owasp-modsecurity-core-rule-set, the SQLi Score shows up empty in my audit logfile. The inbound anomaly score is exceeded and the attack is classified as "SQL Injection Attack", but there seems to be a bug with the SQLi Score. 

I use modsecurity-crs_2.0.8 and checked the modsecurity_crs_41_sql_injection_attacks.conf - setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score} seems to be called properly on every entry.

Does anybody have a clue why this happens?

Thanks for your Help


More information about the Owasp-modsecurity-core-rule-set mailing list