What do you do about common English text firing off the CRS rules?

E.g., look at the phrases here; they all fire off a CRS alert. They are examples of reasonable text that a user could enter, and clearly I can just switch off the rules, but then the rules must be relevant for most/some people or they wouldn't exist. A quote in someone's name is very common.

Just to be clear, I can switch off the rules; I just can't understand how they work in normal circumstances.

    // Each of these bodies triggers a CRS alert when posted; uncomment one at a time to test.
    var data = { model: { someText: "mark o'brien o'reilly" } };
    //var data = { model: { someText: "mark o\'brien o\'reilly" } };
    //var data = { model: { someText: "Area 5 or 7" } };
    //var data = { model: { someText: "Examples of quotes are:\"To be...\", \"Never before...\"" } };
    //var data = { model: { someText: "test <em><strong>1</strong></em>" } };

    //var data = { model: { someText: ":\"" } };
    //var data = { model: { someText: "or 1=1" } };
    //var data = { model: { someText: "<p>" } };

    $.ajax({
        type: 'POST',
        url: "Test/Index",
        contentType: 'application/json; charset=utf-8',
        data: JSON.stringify(data),
        success: function (result) {
        },
        error: function (e) {
            alert('error');
        }
    });
tony
1 Answer

Open text areas can be prone to false positives. The CRS has a set of Rule Exclusions; take a look at them to see how to handle problematic parameters (here is the one for WordPress).

The CRS uses several mechanisms to help you keep the false positives under control, notably the Paranoia Level and the anomaly thresholds.

Identify the names of the parameters in your web application requests that trigger the rules, and then you can start creating the exceptions to exclude those parameters from the inspection of the problematic rules. I wrote this article addressing this long ago; it can help you get started.
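As an added illustration of the approach the answer describes (this is example configuration, not from the original answer or from the CRS project), the snippet below shows the three knobs in ModSecurity/CRS syntax: the Paranoia Level and anomaly threshold settings from crs-setup.conf, and a per-parameter rule exclusion for the JSON field in the question. The rule IDs 942100 (libinjection SQLi) and 941100 (libinjection XSS) are real CRS rules, but whether they are the ones firing on your payloads is an assumption here; read the actual IDs out of your audit log. The argument name `ARGS:model.someText` assumes ModSecurity's JSON body processor flattens `{"model":{"someText":...}}` into a dotted path, so confirm the exact name from the log as well. The exclusion rule ID 10001 is an arbitrary local ID.

```apache
# --- crs-setup.conf (CRS 3.x) ---------------------------------------------
# Paranoia Level 1 is the default and the least false-positive-prone tier.
# Raising it enables stricter rules and more false positives on free text.
SecAction \
    "id:900000,phase:1,nolog,pass,t:none,\
    setvar:tx.paranoia_level=1"

# Anomaly scoring: a request is blocked only when the summed score of all
# matching rules reaches the inbound threshold (critical rules score 5).
# A single low-severity hit on a free-text field therefore need not block.
SecAction \
    "id:900110,phase:1,nolog,pass,t:none,\
    setvar:tx.inbound_anomaly_score_threshold=5,\
    setvar:tx.outbound_anomaly_score_threshold=4"

# --- modsecurity.conf: make sure JSON bodies are parsed into ARGS ----------
SecRule REQUEST_HEADERS:Content-Type "@beginsWith application/json" \
    "id:200001,phase:1,t:none,t:lowercase,pass,nolog,\
    ctl:requestBodyProcessor=JSON"

# --- REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf ---------------------------
# Runtime exclusion scoped to one endpoint: stop 942100 and 941100 from
# inspecting only the model.someText field on POST Test/Index. Every other
# parameter, and every other URL, stays fully inspected.
# (Rule IDs and the argument name are assumptions; take them from your log.)
SecRule REQUEST_URI "@beginsWith /Test/Index" \
    "id:10001,phase:1,pass,nolog,t:none,\
    ctl:ruleRemoveTargetById=942100;ARGS:model.someText,\
    ctl:ruleRemoveTargetById=941100;ARGS:model.someText"

# --- RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf ---------------------------
# Equivalent static form (applies to all URLs, must be loaded after the CRS
# rules). Use one style or the other, not both, for the same parameter.
# SecRuleUpdateTargetById 942100 "!ARGS:model.someText"
# SecRuleUpdateTargetById 941100 "!ARGS:model.someText"
```

Prefer the narrow target exclusion over `ctl:ruleRemoveById`, which would disable the rule for every parameter in the request; the point of the exclusion is that the name field may legitimately contain an apostrophe while the rest of the request keeps its SQLi and XSS coverage.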