Currently if a domain name has its own domain name in a URL arg it will get blocked. Make the engine smart enough to know that if the host in the URI is the same thing as the host in the packet to not block
IE: a site has a redirect to link or a page from (search engine, etc) in the post or URI

Maybe make a whitelist of all of the domains local to the server and if the URL is not in the whitelist then pass it through the normal rules. This would allow the posting of URLs through out sites when the URL posted is the same as the vhost hosting the application in question.

added as a feature request to the queue.

Wow, Hostingguy, you are on the move! ART is getting busy with the feature request.

Any movement on this? This is probably one of the most occuring cause of false positives, trying to redirect to a url or post a URL that is also on the same site.

Its actually a very very complicated feature, if we don't do it right it opens a huge hole so its gonna take time to get it right. When its ready you'll know.

I completely understand, and I appologize if I came accross as impatient or rushing you.

I was just wondering if was actively being worked on or still written in (chalk|marker) on a board somewhere

Written and heavily tested. We're concerned that it may be possible to spoof it and we don't want that.

I have recieved word that this is out in the wild now.
Thanks guys!

Yep, its in the latest ASL/subscriber rules.

My head hurts from this one... and yes, if done wrong it was spoofable, even the modsecurity docs were wrong on this one - but we are doing it right, its not spoofable for ASL, but if you try to roll this yoursel its easy to get it wrong.

Thank you for this, This should solve a lot of problems.