False positives for sqli on password field
modsec is generating false positives for sql injection on the password field of our main website login form. Customers with complex passwords containing ';', '=' chars etc. are getting locked out. Either we restrict the use of these characters when the user creates their password or we have to disable the rule. Neither seems like a good solution. Any advice on how best to handle this?
Re: False positives for sqli on password field
1. Reporting False Positives:
https://www.atomicorp.com/wiki/index.ph ... _Positives
2. Customizing a rule:
https://www.atomicorp.com/wiki/index.ph ... ing_a_rule
Lemonbit Internet Dedicated Server Management
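
An added example, not part of the posts above or of the Atomicorp rule set: a middle path between banning characters and disabling the rule is to stop the one triggering rule from inspecting the password argument, and only on the login request. The path `/login`, the argument name `password`, the local rule id `10001` and the `RULE_ID` placeholder are assumptions; take the real rule id from the audit log entry for the blocked login.

```apache
# Constructed example. Replace RULE_ID with the numeric id of the SQLi rule
# shown in the audit log for the false positive. Adjust /login and the
# argument name to match the actual login form.

# Option A (narrowest): at request time, remove only ARGS:password from the
# target list of RULE_ID, and only when the request is for the login endpoint.
# Phase 1 runs before the phase 2 rules that inspect request arguments, so the
# exclusion is in place before RULE_ID is evaluated.
SecRule REQUEST_FILENAME "@streq /login" \
    "id:10001,phase:1,pass,nolog,t:none,\
    ctl:ruleRemoveTargetById=RULE_ID;ARGS:password"

# Option B (site-wide for this argument name): change the rule's target list
# at configuration time. This directive must be loaded AFTER the file that
# defines RULE_ID, or it has nothing to update.
# SecRuleUpdateTargetById RULE_ID "!ARGS:password"

# Avoid the broad alternative below: it turns the rule off for every
# parameter on every URL, including the username field on the same form.
# SecRuleRemoveById RULE_ID
```

With either option the rule still inspects the username and every other parameter; the password value then relies on the application passing it only to a hash function or a parameterised query, never concatenating it into SQL.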