diff --git a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
index 70d1cb101..731cfe886 100644
--- a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
+++ b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -1343,7 +1343,6 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{MATCHED_VAR_NAME}=%{tx.0}'"
-
 SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 #
@@ -1531,6 +1530,48 @@ SecRule ARGS "@rx \W{4}" \
 setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-%{MATCHED_VAR_NAME}=%{tx.0}'"
+#
+# -=[ LibInjection Check on last path segment ]=-
+#
+# This is a sibling of rule 942100 that adds checking of the last path segment.
+#
+# libinjection is more likely to fail when passing the full path. E.g. the following
+# string produces a match:
+# 999999.1 union select unhex(hex(version())) -- and 1=1
+# while this doesn't:
+# /999999.1 union select unhex(hex(version())) -- and 1=1\.
+# Therefore, we capture the last segment of the path and only match that with
+# libinjection. Incidentally, the last path segment is also the most likely
+# to be used for injection, other segments will most likely not be affected.
+#
+SecRule REQUEST_FILENAME "@rx ^/(?:[^/]*/)*(.*)$" \
+ "id:942101,\
+ phase:2,\
+ block,\
+ capture,\
+ t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,\
+ msg:'SQL Injection Attack Detected via libinjection',\
+ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
+ tag:'application-multi',\
+ tag:'language-multi',\
+ tag:'platform-multi',\
+ tag:'attack-sqli',\
+ tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',\
+ tag:'WASCTC/WASC-19',\
+ tag:'OWASP_TOP_10/A1',\
+ tag:'OWASP_AppSensor/CIE1',\
+ tag:'PCI/6.5.2',\
+ tag:'paranoia-level/3',\
+ ver:'OWASP_CRS/3.1.0',\
+ severity:'CRITICAL',\
+ chain"
+ SecRule TX:1 "@detectSQLi" \
+ "setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}',\
+ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
+ setvar:'tx.msg=%{rule.msg}',\
+ setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-%{MATCHED_VAR_NAME}=%{MATCHED_VAR}'"
+
+
 SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 #
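Review bot: The capture group in the new 942101 operator, `(.*)$`, does not cross a newline in PCRE's default mode, so once the preceding t:urlDecodeUni has turned an encoded line break inside the last path segment into a real one the whole `@rx` fails to match and the chained `@detectSQLi` on TX:1 is never evaluated for that request. Since the last segment by construction contains no `/`, `SecRule REQUEST_FILENAME "@rx ^/(?:[^/]*/)*([^/]*)$" \` captures the same text and also spans newlines, which closes that gap without changing what is handed to libinjection. Separately, `logdata:'Matched Data: %{TX.0} ...'` reports the full match, i.e. the whole transformed path, rather than the segment libinjection actually flagged; if the chain's logdata is resolved after the capture as it appears to be here, `%{TX.1}` would be the more useful value for the alert. The rule comment could also say explicitly that only the path portion is inspected here, so readers do not expect query-string coverage from this rule.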