Problem with Arabic characters and rule id 960024

[abunour22]

Hi,

Our environment:
Windows 2012 Server R2 Standard;
Apache/2.4.12 (Win64) OpenSSL/1.0.1m PHP/5.6.9;
ModSecurity for Apache/2.8.0; OWASP_CRS/2.2.9

We have Arabic version of website with pages that contains Arabic letters. We don't have any problem with ModSecurity when Post any English letters. Problem exist when Anyone POST comments with Arabic letters.

This Message form Apache Log :

Message: Access denied with code 403 (phase 2). Pattern match "\\W{4,}" at ARGS:comment. 
[file "C:/Apache24/conf/crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] 
[line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] 
[data "Matched Data: \xd8\xb5\xd8\xa8\xd8\xa7\xd8\xad \xd8\xa7\xd9\x84\xd8\xae\xd9\x8a\xd8\xb1 
found within ARGS:comment: \xd8\xb5\xd8\xa8\xd8\xa7\xd8\xad \xd8\xa7\xd9\x84\xd8\xae\xd9\x8a\xd8\xb1"] 
[ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"]

We Add these in httpd.conf m but still the same issue !!

SecUnicodeMapFile crs\unicode.mapping
SecUnicodeCodePage 1256

Best regards,
shadi

[dune73]

This is solved with Core Rule Set 3.0.

See #151.

Closing this for now.