[mod-security-users] SecRule REQUEST_FILENAME & ctl:ruleRemoveById
Brought to you by:
victorhora,
zimmerletw
From: Thomas K. <mod...@ko...> - 2008-05-01 13:12:42
|
Hello, I try to exclude one specific file from the core rule 990011. modsecurity_crs_98_devcon.conf: SecRule REQUEST_URI "^/schedule\.php$" "phase:1,nolog,pass,ctl:ruleRemoveById=990011" A similar rule with REQUEST_URI regarding /server-status is working fine. SecRule REQUEST_URI "/server-status" "phase:1,nolog,pass,ctl:ruleRemoveById=990011" But I am not able to exclude the file /schedule.php for alle hosts. Any help is welcome, Thanks, Thomas mod_security 2.5 [Thu May 01 15:00:35 2008] [error] [client 192.168.2.28] ModSecurity: Warning. Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/httpd/conf/modsecurity/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "www.vistore.at"] [uri "/shedule.php"] [unique_id "2fS@LMCoAhwAAHZ7ccMAAAAE"] ~ Request Details GET /shedule.php HTTP/1.0 Host: www.vistore.at Accept: text/html, text/plain, audio/mod, image/*, application/msword, applicatio \ n/pdf, application/postscript, text/sgml, */*;q=0.01 Accept-Language: en User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8b |