PHP and Text Area Triggering Mod_Security

apache-2.2, mod-security, PHP

I have some text areas in a form that are posted back and stored using PHP / MySQL. However, if a user presses return for a new line in the text area, mod_security is blocking it with the below log entry:

Pattern match "\\W{4,}" at ARGS:notes. [file "/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \x0d\x0a\x0d\x0a found within ARGS:notes: This is Test Request #5\x0d\x0a\x0d\x0aThanks"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"]

My question is this: is there anything more I can do in my code or a small exception I can make in mod_security? I don't want to disable this entire rule because it's important but, at the same time, I need users to be able to enter data in text areas with returns if they'd like.

Thank you.

Best Answer

Easiest way is to disable the Rule for the URL receiving the POST:

<LocationMatch /URL/path/to/application>
     SecRuleRemoveById 960024
</LocationMatch>
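
An added example, not part of the answer above or of ModSecurity/CRS: a Python sketch that parses the alert from the question, replays the rule's `\W{4,}` pattern on the logged value to confirm that only CR/LF runs triggered it, and in that case proposes a `SecRuleUpdateTargetById` line (a ModSecurity 2.x directive) that exempts just that argument from rule 960024. All function names are hypothetical.

```python
import re

# Alert from the question above, shortened to the fields parsed here.
SAMPLE = (r'Pattern match "\\W{4,}" at ARGS:notes. [id "960024"] '
          r'[data "Matched Data: \x0d\x0a\x0d\x0a found within ARGS:notes: '
          r'This is Test Request #5\x0d\x0a\x0d\x0aThanks"]')

ALERT = re.compile(
    r'\[id "(?P<id>\d+)"\].*?\[data "Matched Data: (?P<matched>.*?)'
    r' found within (?P<target>\w+:[\w.-]+): (?P<value>.*?)"\]')

def unescape(text):
    """Turn the log's \\xHH escapes back into the submitted characters."""
    return re.sub(r'\\x([0-9a-fA-F]{2})',
                  lambda m: chr(int(m.group(1), 16)), text)

def parse_alert(line):
    """Extract rule id, target variable and decoded field value, or None."""
    m = ALERT.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["matched"] = unescape(alert["matched"])
    alert["value"] = unescape(alert["value"])
    return alert

def nonword_runs(value):
    """Reproduce the rule's pattern: runs of four or more non-word characters.
    re.ASCII approximates PCRE's default byte-oriented \\W."""
    return re.findall(r'\W{4,}', value, re.ASCII)

def newline_only(alert):
    """True when every triggering run consists solely of CR/LF characters."""
    runs = nonword_runs(alert["value"])
    return bool(runs) and all(set(run) <= {"\r", "\n"} for run in runs)

def suggest_exclusion(alert):
    """Propose a per-argument exclusion only for newline-only false positives."""
    if not newline_only(alert):
        return None  # punctuation runs deserve a manual look first
    return 'SecRuleUpdateTargetById {id} "!{target}"'.format(**alert)

if __name__ == "__main__":
    print(suggest_exclusion(parse_alert(SAMPLE)))
```

A single line break (one CRLF, two characters) does not trigger the rule; a blank line between paragraphs (CRLF CRLF) does. The suggested directive has to be loaded after the CRS rule files, and rule 960024 then still inspects every other argument.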