From ab3cbb9081798ead06a1162b2a8be4e7ff9bbfc1 Mon Sep 17 00:00:00 2001
From: vasco
Date: Wed, 3 Jun 2026 11:39:05 +0100
Subject: [PATCH] the council

---
 conf/modsecurity.conf | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf
index 1ba74f3..b6777ab 100644
--- a/conf/modsecurity.conf
+++ b/conf/modsecurity.conf
@@ -6,6 +6,7 @@ SecDebugLogLevel 0
 SecAuditLogParts ABIJ
 SecAuditLogType Serial
 SecAuditLog /var/log/modsecurity/audit.log
+SecRequestBodyJsonParser On
 
 # sql injection
 SecRule ARGS|REQUEST_BODY "['\"].*--" \
@@ -15,11 +16,6 @@ SecRule ARGS|REQUEST_BODY "['\"].*--" \
 SecRule ARGS "(?i)\b(select|insert|update|delete|drop|union|grant|alter|truncate)\b" \
 "id:950002,phase:2,deny,status:403,msg:'SQL Injection: Keyword',log,t:urlDecode,t:lowercase"
 
-# sql3 (teste)
-# SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML\
-# "(?i)(select\s|insert\s|update\s|delete\s|drop\s|union\s|--|#|/\*|\*/|'|\")"\
-# "id:950100,phase:2,deny,status:403,msg:'SQL',log,t:urlDecode,t:lowercase"
-
 # xss / html injection
 SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \
 "id:950003,phase:1,deny,status:403,msg:'XSS/HTML INJECTION DETECTED!!!',log"
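Review bot: `SecRequestBodyJsonParser On`, added after the `SecAuditLog` line, is not a directive I can find in the ModSecurity reference, so it should be checked against the engine actually deployed; an unrecognised directive is likely to stop the configuration from loading, or at best leave JSON bodies unparsed. The documented way to select the JSON body processor is a phase:1 rule such as `SecRule REQUEST_HEADERS:Content-Type "application/json" "id:<UNUSED_ID>,phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"`, and it only has an effect when `SecRequestBodyAccess On` is set, which is not visible in this hunk. Even with JSON parsing active, rule 950003 in the second hunk's context runs in phase:1, before the request body is read, so it would not inspect JSON fields unless it is moved to phase:2.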