From e9616a8c7c35571c7c316feed73a5f4249a68cb8 Mon Sep 17 00:00:00 2001
From: vasco <vasco@vascoalves.xyz>
Date: Tue, 2 Jun 2026 23:10:52 +0100
Subject: [PATCH] kys12

---
 conf/modsecurity.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf
index 0a36aaa..44a4911 100644
--- a/conf/modsecurity.conf
+++ b/conf/modsecurity.conf
@@ -12,7 +12,7 @@ SecRule REQUEST_URI|ARGS "['\";]|--" \
     "id:950001,phase:1,deny,status:403,msg:'SQL Injection Attack Detected',log"
 
 # xss / html injection
-SecRule REQUEST_URI ARGS "<.*>" \
+SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \
     "id:950003,phase:1,deny,status:403,msg:'XSS/HTML Injection Detected',log"
 
 # command injection