PrestaShop: FP on REQUEST_COOKIE
theMiddleBlue opened this issue
Description
In my logs, I have seen a false positive on a request to a PrestaShop e-commerce site:
GET /themes/control/cache/v_716_db8a1bc0baf2b785f3106c4d91c790e2_all.css HTTP/1.1
that triggered Rule ID 941100 (XSS Attack Detected via libinjection) in REQUEST_COOKIE:
Matched Data: XSS data found within REQUEST_COOKIES:PrestaShop-xxxxxxx
I self-assign this issue as a note to push a PR for an exclusion rule set for PrestaShop.
Possible solution
SecRuleUpdateTargetById 941100 !REQUEST_COOKIES:'/^PrestaShop/'
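
A triage sketch for the report above, added here and not part of the original issue or the CRS project: it groups rule hits by rule ID and variable-name prefix, and proposes an exclusion in the issue's `SecRuleUpdateTargetById` form only when several distinct clients trigger the same rule on the same variable. The log lines are constructed; the log field layout, the hash-suffix pattern and the `min_clients` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (ModSecurity v2 error-log style assumed; not from the issue).
SAMPLE_LOG = [
    '[client 203.0.113.7] ModSecurity: Warning. [id "941100"] [data "Matched Data: XSS data '
    'found within REQUEST_COOKIES:PrestaShop-0a1b2c3d4e5f6a7b: def50200"] [uri "/themes/x/all.css"]',
    '[client 198.51.100.23] ModSecurity: Warning. [id "941100"] [data "Matched Data: XSS data '
    'found within REQUEST_COOKIES:PrestaShop-0a1b2c3d4e5f6a7b: def50201"] [uri "/index.php"]',
    '[client 192.0.2.55] ModSecurity: Warning. [id "941100"] [data "Matched Data: XSS data '
    'found within ARGS:q: sample"] [uri "/search"]',
]

ID_RE = re.compile(r'\[id "(\d+)"\]')
VAR_RE = re.compile(r'found within (\w+):([^:\s"]+)')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')
CLIENT_RE = re.compile(r'\[client ([^\]\s]+)\]')
HASH_SUFFIX_RE = re.compile(r'-[0-9a-f]{8,}$')  # assumed shape of the per-shop suffix

def group_hits(lines):
    """Map (rule_id, collection, name_prefix) -> hit count, client set and URI set."""
    groups = defaultdict(lambda: {"clients": set(), "uris": set(), "hits": 0})
    for line in lines:
        rid, var = ID_RE.search(line), VAR_RE.search(line)
        if not (rid and var):
            continue  # not a rule hit that names a matched variable
        collection, name = var.groups()
        prefix = HASH_SUFFIX_RE.sub("", name)  # PrestaShop-<hex> -> PrestaShop
        g = groups[(rid.group(1), collection, prefix)]
        g["hits"] += 1
        for key, rx in (("clients", CLIENT_RE), ("uris", URI_RE)):
            m = rx.search(line)
            if m:
                g[key].add(m.group(1))
    return dict(groups)

def suggest_exclusions(lines, min_clients=2):
    """Emit one target exclusion per group seen from at least min_clients clients."""
    out = []
    for (rid, collection, prefix), g in sorted(group_hits(lines).items(), key=lambda kv: kv[0]):
        if len(g["clients"]) >= min_clients:
            out.append(f"SecRuleUpdateTargetById {rid} !{collection}:'/^{re.escape(prefix)}/'")
    return out

if __name__ == "__main__":
    print("\n".join(suggest_exclusions(SAMPLE_LOG)))
```

The single `ARGS:q` hit from one client is left alone, so it stays under inspection by rule 941100 while the cookie group is reviewed for exclusion.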