Libinjection Rule: 942100 False positive 0202 #157
Description
[-:error] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/../.. /coreruleset-3.4-dev/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within ARGS:q: cos(accckt)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname **************]
Your Environment
CRS version (v3.2.0):
Paranoia level setting:
ModSecurity version (v2.9.3):
Web Server and version (httpd2.4.41):
Operating System and version: RHEL 7.9
Confirmation
[ ] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.
Hi Guys,
I am getting this false positive when I click a particular tab in my website. Could you please help me that this rule can be removed or we have any other fix?