[mod-security-users] SecRule REQUEST_FILENAME & ctl:ruleRemoveById

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

I try to exclude one specific file from the core rule 990011.

modsecurity_crs_98_devcon.conf:

SecRule REQUEST_URI "^/schedule\.php$" 
"phase:1,nolog,pass,ctl:ruleRemoveById=990011"

A similar rule with REQUEST_URI regarding /server-status is working fine.

SecRule REQUEST_URI "/server-status" 
"phase:1,nolog,pass,ctl:ruleRemoveById=990011"

But I am not able to exclude the file /schedule.php for alle hosts.

Any help is welcome,

Thanks,
Thomas

mod_security 2.5

[Thu May 01 15:00:35 2008] [error] [client 192.168.2.28] ModSecurity: 
Warning. Match of "rx ^apache.*perl" against 
"REQUEST_HEADERS:User-Agent" required. [file 
"/etc/httpd/conf/modsecurity/modsecurity_crs_35_bad_robots.conf"] [line 
"29"] [id "990011"] [msg "Request Indicates an automated program 
explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] 
[hostname "www.vistore.at"] [uri "/shedule.php"] [unique_id 
"2fS@LMCoAhwAAHZ7ccMAAAAE"]
~

Request Details
GET /shedule.php HTTP/1.0
Host: www.vistore.at
Accept: text/html, text/plain, audio/mod, image/*, application/msword, 
applicatio \
n/pdf, application/postscript, text/sgml, */*;q=0.01
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8b