[Owasp-modsecurity-core-rule-set] Question about REQUEST-920-PROTOCOL-ENFORCEMENT.conf

Ed Greenberg edg at greenberg.org
Mon Jul 31 15:58:34 UTC 2017

On 07/31/2017 10:59 AM, Chaim Sanders wrote:
> The next rule you have highlighted is 920270. This indicates that a 
> null byte was passed to a cookie. Null bytes are used in various 
> attacks but are almost always avoided by legit applications. This rule 
> can be found here: 
> https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/e4e0497be4d598cce0e0a8fef20d1f1e5578c8d0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf#L564

I would very much  like to see the audit log entry for the 920270 hit.

Ed Greenberg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20170731/c8d3d78a/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list