On Thu, Jul 18, 2013 at 11:07 AM, Abfalterer, Armin <Armin.Abfalterer@united-security-providers.ch> wrote:
Hi all,

We've encountered lots of false positives (caused by different rules) due to the particular value of a specific cookie.

So my question is if it is possible to exclude a specific cookie from the mod_security validation?


Hi Armin,

The easiest way is probably to use SecRuleUpdateTargetByTag and then cycle through the various tags, e.g.:

SecRuleUpdateTargetByTag "WEB_ATTACK/XSS" "!REQUEST_COOKIES"
SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" "!REQUEST_COOKIES"
...

--
 - Josh
 
Regards, Armin
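
A narrower variant of the directives in the reply above, as an added example that is not part of the original thread: it drops only one named cookie from the tagged rules instead of every cookie. The cookie name `app_state` is a hypothetical placeholder, and the directives are assumed to sit after the point where the rule files are loaded.

```apache
# Added example; "app_state" is a hypothetical cookie name.
# Place these after the directives that load the rule set, so the tagged
# rules already exist when their target lists are updated.

# Broad form: removes every cookie value from the XSS-tagged rules.
# SecRuleUpdateTargetByTag "WEB_ATTACK/XSS" "!REQUEST_COOKIES"

# Narrow form: removes only the noisy cookie; all other cookies stay inspected.
SecRuleUpdateTargetByTag "WEB_ATTACK/XSS" "!REQUEST_COOKIES:app_state"
SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" "!REQUEST_COOKIES:app_state"
```

Keeping the exclusion scoped to one cookie means the remaining cookies are still checked by the XSS and SQL injection rules.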

mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users