I'm trying to skip a rule based on a filename, and thought this config should achieve that:

SecRule REQUEST_FILENAME "^/products/.*thumbnail.gif$" "nolog,pass,ctl:RuleRemoveById=990012"

The thing is, I'm still seeing hits for that rule in the log with filenames that match

HEAD /products/6789H-HTM-ENG/thumbnail/thumbnail.gif HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
.
Message: Warning. Pattern match "(?i:(?:c(?:o(?:n(?:t(?:entsmartz|actbot/)|cealed defense|veracrawler)|mpatible(?: ;(?: msie|\\.)|-)|py(?:rightcheck|guard)|re-project/1.0)|h(?:ina(?: local browse 2\\.|claw)|e(?:rrypicker|esebot))|rescent internet toolpak)|w(?:e(?:b(?: (?:downloader|by ..." at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_35_bad_robots.conf"] [line "27"] [id "990012"] [rev "2.2.5"] [msg "Rogue web site crawler"] [data "Jakarta"] [severity "WARNING"] [tag "AUTOMATION/MALICIOUS"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]

Is it because the request is HEAD and not GET?

A
--
Aaron Macks