False positives for sqli on password field

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
miyasuka
Forum User
Posts: 7
Joined: Sat Nov 17, 2012 11:46 am
Location: Rome


Modsec is generating false positives for SQL injection on the password field of our main website login form. Customers with complex passwords containing ';', '=' chars etc. are getting locked out. Either we restrict the use of these characters when the user creates their password or we have to disable the rule. Neither seems like a good solution. Any advice on how best to handle this?
prupert
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: False positives for sqli on password field


Lemonbit Internet Dedicated Server Management