coreruleset · theseion · Nov 14, 2025 · Nov 12, 2025 · Nov 13, 2025 · Nov 13, 2025
diff --git a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -1814,6 +1814,18 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
 #
 # The pattern may occur in some normal texts, e.g. "foo...." will match.
 #
+# If your traffic contains languages that include accented characters, such as French,
+# Spanish, or German, be aware that you may encounter more false positives than
+# usual. In this case, you may consider increasing the consecutive occurrence limit
+# to 5 instead of 4.
+#
+# This will help avoid common triggers such as "test=+à+", which is frequent in French.
+#
+# All languages that use characters without a valid representation outside of UTF-8
+# (i.e., relying solely on multi-byte sequences such as %E6%84%9B (Japanese))
+# are incompatible with this rule.
+# In such cases, the rule should be globally disabled.
+#
 SecRule ARGS "@rx \W{4}" \
     "id:942460,\
     phase:2,\