diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf
index 15a9cf3..579d32d 100644
--- a/conf/modsecurity.conf
+++ b/conf/modsecurity.conf
@@ -8,12 +8,12 @@ SecAuditLogType Serial
 SecAuditLog /var/log/modsecurity/audit.log
 
 # sql injection
-SecRule REQUEST_URI|ARGS "(?i:(?:select|insert|update|delete|drop|union|create|alter|truncate)\s+.+\s+from|'[^']*'|--|;|\b(or|and)\b\s+\d+\s*=\s*\d+)" \
-    "id:950001,phase:1,deny,status:403,msg:'SQL INJECTION ATTACK DETECTED!!!',log,t:urlDecode,t:sqlHexDecode,t:lowercase"
+SecRule ARGS "(?i)(['\"]|--|#|/\*|\*/)" \
+    "id:950001,phase:2,deny,status:403,msg:'SQL Injection: Escape or Comment',log,t:urlDecode,t:lowercase"
 
-# sql injection parte 2
-SecRule REQUEST_URI|ARGS "['\"](?:\s+or\s+\d+\s*=\s*\d+\s*--|\s+or\s+'.+?'\s*=\s*'.+?'\s*--|.*?--)" \
-    "id:950002,phase:1,deny,status:403,msg:'SQL INJECTION ATTACK DETECTED!1!',log,t:urlDecode,t:lowercase,t:compressWhitespace"
+# sql keyword
+SecRule ARGS "(?i)\b(select|insert|update|delete|drop|union|grant|alter|truncate)\b" \
+    "id:950002,phase:2,deny,status:403,msg:'SQL Injection: Keyword',log,t:urlDecode,t:lowercase"
 
 # xss / html injection
 SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \