I am trying to create a rule that allows any parameter value containing scrip%u0074 (%u0074 being the Unicode encoding of t) to pass. I created the following rule:
SecRule REQUEST_URI "@contains scrip%u0074" \
"id:1234567,phase:1,pass,t:none,t:urlDecodeUni,logdata:'Bypass script',ctl:ruleRemoveTargetByTag=attack-xss,ctl:ruleRemoveTargetById=920220"
But other rules still block it. When I remove the part with t:..., it works, but the value sent to the web application is not script (Unicode replaced by UTF-8); it is still Unicode.
How can we improve this rule so that other rules do not detect/block the request and the Unicode is replaced with UTF-8?
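
The behaviour described in the question, modelled as an added example (not part of the original post and not ModSecurity's own code): a SecRule operator runs on a transformed copy of the variable, so after t:urlDecodeUni the literal scrip%u0074 is no longer present to match, while the request forwarded to the application stays unchanged. The decoder below is a simplified stand-in for t:urlDecodeUni, and the function names and sample URI are assumptions.

```python
import re

# Simplified model of t:urlDecodeUni (an assumption, not the engine's code):
# %uXXXX keeps only the low byte, %XX is decoded, and anything else,
# including malformed escapes, passes through unchanged. Single pass only.
_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def url_decode_uni(value: str) -> str:
    def repl(match: re.Match) -> str:
        if match.group(1) is not None:          # %uXXXX form
            return chr(int(match.group(1), 16) & 0xFF)
        return chr(int(match.group(2), 16))     # %XX form
    return _ESCAPE.sub(repl, value)


def contains_after_transforms(raw_uri: str, needle: str, transforms) -> bool:
    """Model of '@contains needle': transformations are applied to a copy
    of the variable, then the operator runs on that copy. raw_uri, which
    is what the backend receives, is never rewritten."""
    candidate = raw_uri
    for transform in transforms:
        candidate = transform(candidate)
    return needle in candidate


# Constructed sample request URI, not taken from the original post.
RAW_URI = "/search?q=scrip%u0074"

if __name__ == "__main__":
    cases = [
        ("t:none,t:urlDecodeUni + '@contains scrip%u0074'", "scrip%u0074", [url_decode_uni]),
        ("t:none only           + '@contains scrip%u0074'", "scrip%u0074", []),
        ("t:none,t:urlDecodeUni + '@contains script'     ", "script", [url_decode_uni]),
    ]
    for label, needle, transforms in cases:
        hit = contains_after_transforms(RAW_URI, needle, transforms)
        print(f"{label} -> match={hit}")
    print("operator input after decoding:", url_decode_uni(RAW_URI))
    print("URI forwarded to the application:", RAW_URI)
```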