Merge pull request SpiderLabs#27 from MichaelHaas/master

Catch only TX:12345-... variables
schewara · Apr 11, 2013 · be9eb34 · be9eb34
2 parents 19e0307 + b054a4d
commit be9eb34
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/base_rules/modsecurity_crs_49_inbound_blocking.conf b/base_rules/modsecurity_crs_49_inbound_blocking.conf
@@ -26,7 +26,7 @@ SecRule TX:ANOMALY_SCORE "@gt 0" \
     "chain,phase:2,id:'981176',t:none,deny,log,msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}): Last Matched Message: %{tx.msg}',logdata:'Last Matched Data: %{matched_var}',setvar:tx.inbound_tx_msg=%{tx.msg},setvar:tx.inbound_anomaly_score=%{tx.anomaly_score}"
         SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_level}" chain
                 SecRule TX:ANOMALY_SCORE_BLOCKING "@streq on" chain
-                        SecRule TX:/^\d/ "(.*)"
+                        SecRule TX:/^\d+\-/ "(.*)"
 
 # Alert and Block on a specific attack category such as SQL Injection
 #