libinjection icon indicating copy to clipboard operation
libinjection copied to clipboard
verified publisher icon client9

False Positive for SQLi

Open andywgrant opened this issue 9 years ago • 1 comments

My ModSecurity logs are reporting a detection by libinjection that is clearly a false positive (even its matched data seems a little bizarre).

[msg "SQL Injection Attack Detected via libinjection"][data "Matched Data: novc found within ARGS:username: a!@#"]

andywgrant avatar Feb 20 '17 19:02 andywgrant

For now just create an exception. SecRuleUpdateTargetById <RULE ID TRIGGERED> "!ARGS:username" That will disable the rule validation for the parameter.

jptosso avatar Apr 26 '17 02:04 jptosso