(pretty new at mod_security).
I am running mod_security (latest version) on front of a webapplication. This webapplication generates a signature and appends this to the query string. Because this signature contains a large random string it sometimes contains a forbidden string and is blocked by mod_security by a false positive.
Is it possible to exclude a single query string variable for inspection by mod_security (and to set that globally, not in each rule) ?
Thanks in advance