On Thu, Sep 12, 2013 at 4:40 PM, David R <rewt@linux-elite.org> wrote:

But i still have an issue, my exclude file contains:

SecRuleUpdateTargetByTag "WEB_ATTACK/XSS" "!ARGS:password"
SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" "!ARGS:password"
SecRuleUpdateTargetByTag "WEB_ATTACK/RESTRICTED_SQLI_CHARS" "!ARGS:password"


But i have an issue with that... my WAF is working as a reverse proxy with
several VirtualHosts. And by doing that i cannot specify for which
virtualhost my rule is right ?

Is there a way to specify VirtualHost and Location for these rules to be
more "granular".


Hi David,

You can use the (undocumented) ruleRemoveTargetByTag ctl option, e.g.:

SecRule REQUEST_URI "/login.pl" "phase:1,t:none,pass, \
  id:613,nolog,ctl:ruleRemoveTargetByTag=WEB_ATTACK/SQL_INJECTION;ARGS:password

Since this rule is triggered at run time, it should be specified before the rules it is disabling.

--
 - Josh

 
I tried

<Location "/login.pl">
SecRuleUpdateTargetByTag "WEB_ATTACK/XSS" "!ARGS:password"
SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" "!ARGS:password"
SecRuleUpdateTargetByTag "WEB_ATTACK/RESTRICTED_SQLI_CHARS" "!ARGS:password"
</Location>

And i got a strange "Segmentation fault"
Starting httpd: /bin/bash: line 1: 18459 Segmentation fault
/usr/sbin/httpd

Any idea on how i could solve that granularity issue ?

Kind regards,






------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/