Description

This rules detects when shell commands and raw code are injected into a request.

Troubleshooting

False Positives

This rule may produce a false positive if an application allows the use of shell commands or raw code in a safe and secure manner. The rules contain a large library of known trusted methods, however it is possible an application may be using a previously untested method. It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Tuning Guidance

See the Mod_security page for guidance on tuning this rule.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

None.