SpiderLabs / owasp-modsecurity-crs

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

Home Page: https://modsecurity.org/crs

Blocking Object as get arguments gets blocked with Rule REQUEST-949-BLOCKING-EVALUATION.conf

impondesk opened this issue

Description

Requests with an object as a parameter are getting blocked because of Rule 949, as the anomaly score is higher (5+) for the respective requests. As per the definitions, requests with a score of 4+ get blocked.

Audit Logs / Triggered Rule Numbers

REQUEST-949-BLOCKING-EVALUATION.conf

Your Environment

  • CRS version (e.g., v3.2.0): v3.0.2
  • Paranoia level setting:
  • ModSecurity version (e.g., 2.9.3): v3/master
  • Web Server and version (e.g., apache 2.4.41): NGINX 1.16.1
  • Operating System and version: Amazon Linux AMI 2018.03
  • Framework : SailsJS 1.0

After disabling the rule, requests work as expected; once we enable it, it blocks all requests with an object as the input request parameter, whereas string / other types work properly.

Kindly assist.
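Added example, not part of the original issue or of the CRS project's code: the rule in REQUEST-949-BLOCKING-EVALUATION.conf (id 949110) only compares the accumulated anomaly score with the threshold, so the rules to tune are the ones that added the score earlier in the same transaction. The sketch below groups ModSecurity v3 error-log entries by `unique_id` and lists those contributors; the log lines, the other rule ids, their severities and the `filter[name]` parameter are constructed for illustration and are not taken from the reporter's logs.

```python
import re
from collections import defaultdict

# CRS default anomaly points per ModSecurity severity number
# (2=CRITICAL, 3=ERROR, 4=WARNING, 5=NOTICE).
SEVERITY_POINTS = {"2": 5, "3": 4, "4": 3, "5": 2}
BLOCKING_RULE = "949110"  # rule id in REQUEST-949-BLOCKING-EVALUATION.conf

FIELD = re.compile(r'\[(id|severity|unique_id) "([^"]*)"\]')
VARIABLE = re.compile(r"against variable `([^']+)'")

# Constructed sample in the ModSecurity v3 / NGINX error-log style (trimmed).
SAMPLE_LOG = """\
ModSecurity: Warning. Matched "Operator `Rx' with parameter `...' against variable `ARGS:filter[name]' (Value: `a' ) [id "942430"] [severity "4"] [unique_id "tx-1"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `...' against variable `ARGS_NAMES:filter[name]' (Value: `filter[name]' ) [id "920273"] [severity "2"] [unique_id "tx-1"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `8' ) [id "949110"] [severity "2"] [unique_id "tx-1"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `...' against variable `ARGS:q' (Value: `a' ) [id "942430"] [severity "4"] [unique_id "tx-2"]
"""


def contributors(log_text):
    """Return {unique_id: [(rule_id, variable, points), ...]} for blocked transactions."""
    hits, blocked = defaultdict(list), set()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "id" not in fields or "unique_id" not in fields:
            continue  # not a rule-match entry
        if fields["id"] == BLOCKING_RULE:
            blocked.add(fields["unique_id"])  # the evaluator itself adds no score
            continue
        var = VARIABLE.search(line)
        points = SEVERITY_POINTS.get(fields.get("severity"), 0)
        hits[fields["unique_id"]].append(
            (fields["id"], var.group(1) if var else "?", points))
    return {tx: hits[tx] for tx in blocked}


if __name__ == "__main__":
    for tx, rules in contributors(SAMPLE_LOG).items():
        print(tx, "score", sum(p for _, _, p in rules))
        for rule_id, variable, points in rules:
            print(f"  rule {rule_id} on {variable}: +{points}")
```

The rule ids and variables it reports are the candidates for a targeted exclusion, which keeps the blocking evaluation enabled for everything else.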