Re: [mod-security-users] whitelist User-Agent
Brought to you by:
victorhora,
zimmerletw
From: Ofer S. <of...@sh...> - 2009-05-05 16:37:27
|
As far as I recall SecRuleRemoveById is cannot be chained. You can use the action ctl:ruleRemoveById action instead in the 1st rule. ~ Ofer Ofer Shezaf [sh...@xi..., +972-54-4431119, www.xiom.com] > -----Original Message----- > From: Christian Bockermann [mailto:ch...@jw...] > Sent: Tuesday, May 05, 2009 2:44 PM > To: Roger Munk > Cc: Mod Security > Subject: Re: [mod-security-users] whitelist User-Agent > > Roger Munk wrote: > > I've been getting several FPs from rule 950006. The client browser > > (from Indonesia, thus the id;) has the following User-Agent string: > > Mozilla/5.0 (Windows; U; Windows NT 5.1; id; rv:1.9.0.7) Gecko/200902 > > 1910 Firefox/3.0.7 > > > > How can I whitelist the string id; only when its found in the User- > Agent? > > > > You should have success with a chained rule like the following: > > SecRule REQUEST_HEADERS:User-Agent "Mozilla/5.0 (Windows; U; > Windows > NT 5.1; id; rv:1.9.0.7) Gecko/200902 1910 Firefox/3.0.7" > "phase:1,chain,pass,msg:'Disabling rule 950006 for UA'" > SecRuleRemoveById 950006 > > Regards, > Chris > > ----------------------------------------------------------------------- > ------- > The NEW KODAK i700 Series Scanners deliver under ANY circumstances! > Your > production scanning environment may not be a perfect world - but thanks > to > Kodak, there's a perfect scanner to get the job done! With the NEW > KODAK i700 > Series Scanner you'll get full speed at 300 dpi even with all image > processing features enabled. http://p.sf.net/sfu/kodak-com > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Appliances, Rule Sets and Support: > http://www.modsecurity.org/breach/index.html |