[Owasp-modsecurity-core-rule-set] the whole modsecurity_crs_41_sql_injection_attacks.conf needs exceptions for google analytics and piwik cookies

kause lotski kauselot at yahoo.com
Wed Sep 7 19:05:23 EDT 2011


I have found that almost all rules in modsecurity_crs_41_sql_injection_attacks.conf need !REQUEST_COOKIES:/^_pk_ref.*/|!REQUEST_COOKIES:/^__utmz$/|!ARGS:gclid  for google adwords, google analytics  and piwik to work ok with mod_security.

Hope this helps someone else
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20110907/e7ca5b23/attachment.html 


More information about the Owasp-modsecurity-core-rule-set mailing list