
Rule 932270 False Positives for Tilde + Number #3844

@ssigwart

Description


In version 4.6.0, rule 932270 seems a little too aggressive on the tilde + number matches. For example, "~20 minutes" triggers a false positive. I wonder if https://github.com/coreruleset/coreruleset/blob/main/regex-assembly/932270.ra can be updated to check for word boundaries or something.

How to reproduce the misbehavior (-> curl call)

  • Set up a server with CRS 4.6.0.
  • Add a GET parameter with a value of ~20 minutes (~20+minutes URL encoded).

Your Environment

  • CRS version (e.g., v3.3.4): 4.6.0
  • Paranoia level setting (e.g. PL1) : 1
  • ModSecurity version (e.g., 2.9.6): 3.0.12
  • Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): Nginx
  • Operating System and version: Linux

Confirmation

[X] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.
