Blocking Object as get arguments gets blocked with Rule REQUEST-949-BLOCKING-EVALUATION.conf #1700

impondesk · 2020-02-26T11:51:23Z

Description

Requests with object as parameter is getting blocked since of the Rule 949 as anomaly score is higher 5+ for the respective requests. As per definitions requests with score 4+ gets blocked.

Audit Logs / Triggered Rule Numbers

REQUEST-949-BLOCKING-EVALUATION.conf

Your Environment

CRS version (e.g., v3.2.0): v3.0.2
Paranoia level setting:
ModSecurity version (e.g., 2.9.3): v3/master
Web Server and version (e.g., apache 2.4.41): NGINX 1.16.1
Operating System and version: Amazon Linux AMI 2018.03
Framework : SailsJS 1.0

After disabling the rule requests are working as expected, once we enable this blocks all requests with object as input request parameter; whereas string / other types works properly.

Kindly assist.

impondesk added the False Positive label Feb 26, 2020

CRS-migration-bot mentioned this issue May 13, 2020

Blocking Object as get arguments gets blocked with Rule REQUEST-949-BLOCKING-EVALUATION.conf coreruleset/coreruleset#1700

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Blocking Object as get arguments gets blocked with Rule REQUEST-949-BLOCKING-EVALUATION.conf #1700

Blocking Object as get arguments gets blocked with Rule REQUEST-949-BLOCKING-EVALUATION.conf #1700

impondesk commented Feb 26, 2020

Blocking Object as get arguments gets blocked with Rule REQUEST-949-BLOCKING-EVALUATION.conf #1700

Blocking Object as get arguments gets blocked with Rule REQUEST-949-BLOCKING-EVALUATION.conf #1700

Comments

impondesk commented Feb 26, 2020

Description

Audit Logs / Triggered Rule Numbers

Your Environment