I was able to solve  a false positive with these two methods, but they seemed to broad to me:

Method 1:
SecRule REQUEST_URI "/newthread.php.*" phase:2,nolog,auditlog,allow,ctl:requestBodyAccess=Off

Method 2:
<Directory /hsphere/local/home/kamxxxx/ddddddk.com>
    SecRuleEngine DetectionOnly
</Directory>

However, I am not able to limit the scope of this rule. I tried this, but it doesn't prevent the false positive.

#<Directory /hsphere/local/home/kamxxxx/ddddddk.com>
#   SecRule REQUEST_URI "/newthread.php.*" phase:2,nolog,auditlog,allow,ctl:requestBodyAccess=Off
#</Directory>

Is it possible to limit the scope more on a server that has many virtual hosted accounts?



--
Gil Vidals

CONFIDENTIALITY NOTICE: The information contained in this transmission may contain privileged and confidential information.  It is intended only for the use of the person(s) named above.  If you are not the intended recipient, please contact the sender by reply email and permanently delete the original message.