I'm permanently running into issues after installing & configuring modsecurity. Currently I have the following error:

Message: Pattern match "(?:data:.*,)|(?:\w+\s*=\W*(?!https?)\w+:)|(jar:\w+:)|(=\s*"?\s*vbs(?:ript)?:)|(language\s*=\s?"?\s*vbs(?:ript)?)|on\w+\s*=\*\w+\-"?" at REQUEST_BODY. [file "/usr/local/cstm/apache2/mod-security.conf/modsecurity_crs_41_phpids_filters.conf"] [line "37"] [id "phpids-27"] [msg "Detects data: URL injections, VBS injections and common URI schemes"] [data "s=re:"] [severity "CRITICAL"] [tag "WEB_ATTACK"]

I'm getting tired of renaming fields to prevent such matches. This is something most developers might run into, hence I'd like to ask how you handle this situation. Many thanks!
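
Added example, not part of the original question: a small Python script that parses the alert quoted above and reports which top-level alternative of the phpids-27 pattern the logged data `s=re:` actually hit. The helper names and the extra request-body strings are constructed for illustration, and the splitter assumes the pattern has no `|` inside a character class, which holds for the pattern in this alert.

```python
import re

# Alert text copied verbatim from the question above.
LOG = r'''Message: Pattern match "(?:data:.*,)|(?:\w+\s*=\W*(?!https?)\w+:)|(jar:\w+:)|(=\s*"?\s*vbs(?:ript)?:)|(language\s*=\s?"?\s*vbs(?:ript)?)|on\w+\s*=\*\w+\-"?" at REQUEST_BODY. [file "/usr/local/cstm/apache2/mod-security.conf/modsecurity_crs_41_phpids_filters.conf"] [line "37"] [id "phpids-27"] [msg "Detects data: URL injections, VBS injections and common URI schemes"] [data "s=re:"] [severity "CRITICAL"] [tag "WEB_ATTACK"]'''

def parse_alert(line):
    """Return (pattern, target, bracketed fields) from one ModSecurity message."""
    # Greedy .* so that quotes inside the pattern do not end the capture early.
    m = re.search(r'Pattern match "(?P<pattern>.*)" at (?P<target>[A-Z_:]+)\.', line)
    fields = dict(re.findall(r'\[(\w+) "(.*?)"\]', line[m.end():]))
    return m["pattern"], m["target"], fields

def split_alternatives(pattern):
    """Split a regex on '|' at nesting depth 0, honouring escapes and groups."""
    parts, depth, start, i = [], 0, 0, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":
            i += 1                      # skip the escaped character
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        elif c == "|" and depth == 0:
            parts.append(pattern[start:i])
            start = i + 1
        i += 1
    parts.append(pattern[start:])
    return parts

def matching_branches(pattern, text):
    """1-based numbers of the top-level alternatives that match text."""
    return [n for n, alt in enumerate(split_alternatives(pattern), 1)
            if re.search(alt, text)]

if __name__ == "__main__":
    pattern, target, fields = parse_alert(LOG)
    print(fields["id"], "at", target, "matched data:", fields["data"])
    print("branches hit by logged data:", matching_branches(pattern, fields["data"]))
    # Constructed request-body fragments, not taken from the question.
    for body in ("subject=re: your invoice", "time=12:30", "url=https://example.com"):
        print(repr(body), "->", matching_branches(pattern, body))
```

The logged data hits only the second alternative, `\w+\s*=\W*(?!https?)\w+:`, which matches any `name=word:` sequence in the body that does not start with `http`, so the trigger is the value shape rather than a particular field name.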