The rule I would like to use is:


SecRule REQUEST_URI "@contains ChartImage" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"


The syntax is correct but it breaks the conf file.



From: Weiss, Michael C
Sent: Tuesday, June 03, 2014 12:54 PM
To: ''
Subject: SecAction breaks custom config file


Version: ModSecurityIIS_2.8.0-64b



I’m trying to use SecAction in my custom rules file. Whenever I place even the most basic SecAction command in my config it breaks so I don’t think it has to do with my syntax. I’ve copy and pasted rules from the documentation to see if they would work and they don’t. Does IIS log when modsecurity experiences a syntax error?


The rule I would like to use:

SecRule "ChartImage" "@contains ChartImage" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"


These work perfectly:

SecRuleRemoveById 973347

SecRuleUpdateTargetById 981173 !ARGS:txtUserName_ClientState