From 361f34c19f35cdedf72f1fe0ac936e5186c2bd54 Mon Sep 17 00:00:00 2001
From: vasco <vasco@vascoalves.xyz>
Date: Tue, 2 Jun 2026 22:49:55 +0100
Subject: [PATCH] kys11

---
 conf/modsecurity.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf
index 674a4dd..0a36aaa 100644
--- a/conf/modsecurity.conf
+++ b/conf/modsecurity.conf
@@ -9,11 +9,11 @@ SecAuditLog /var/log/modsecurity/audit.log
 
 # sql injection
 SecRule REQUEST_URI|ARGS "['\";]|--" \
-    "id:950001,phase:2,deny,status:403,msg:'SQL Injection Attack Detected',log"
+    "id:950001,phase:1,deny,status:403,msg:'SQL Injection Attack Detected',log"
 
 # xss / html injection
-SecRule REQUEST_URI|ARGS "<.*>" \
-    "id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log"
+SecRule REQUEST_URI ARGS "<.*>" \
+    "id:950003,phase:1,deny,status:403,msg:'XSS/HTML Injection Detected',log"
 
 # command injection
 SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \