Re: [mod-security-users] SecResponseBodyLimit
From: Christian B. <ch...@jw...> - 2009-06-15 20:53:27
Hi Dave!

On 15.06.2009 at 22:37, David Brown wrote:

> SecResponseBodyLimit is defined in modsecurity_crs_10_config.conf of
> the core rules as 512k. My question is this. If I change its
> value, when I update the core rules it will overwrite it? I know I
> can have a different config to remove rules by ID or other things,
> but how would I keep this specific value from being overwritten when
> upgrading the core rules?
>

Assuming you do include the rules by a line like

    Include /path/to/rules/*.conf

Then you can simply create a file "modsecurity_crs_10_config_custom.conf", which should then be listed after the core-rules config file (usually the include-order is ordered according to file-names). When you put your re-definition of the SecResponseBodyLimit into your custom config file, this will overwrite the original core-rules setting.

The same principle is valid for defining exceptions for specific URLs or updating rule actions. The crucial part here is that the action updates need to be evaluated by Apache AFTER the rule has been defined. So you could for instance simply create a new file "modsecurity_crs_99_exceptions.conf" for that.

Please note that you might need to put some directives into the right phase for getting the right result. E.g. if you have a conditional update of a rule action

    SecRule REQUEST_URI /exceptional/url "<remove/modify-some-previous-rules-here>"

and this rule is placed in phase-2 (e.g. because of the SecDefaultAction value), then any rules in phase-1 will not get updated before they are fired.

At least, if I understood everything right :-)

Regards,
Chris
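A way to check, after a core-rules upgrade, which file supplies the effective SecResponseBodyLimit under the include-order behaviour described in the reply above. This is an added example, not part of the original e-mail: the function names and the sample values are constructed, and it assumes the `*.conf` files are read in byte-wise file-name order with a later definition replacing an earlier one.

```shell
#!/bin/sh
# effective_directive DIR NAME
# Prints "<file>:<value>" for the definition of NAME that is read last when
# DIR/*.conf is included in byte-wise file-name order (assumption, see lead-in).
effective_directive() {
    dir=$1
    name=$2
    for f in "$dir"/*.conf; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done |
        LC_ALL=C sort |
        while IFS= read -r f; do
            # Directive names are case-insensitive; commented-out lines do not
            # match because their first field starts with '#'.
            awk -v d="$name" -v f="${f##*/}" \
                'tolower($1) == tolower(d) { print f ":" $2 }' "$f"
        done |
        tail -n 1
}

# Constructed sample: the stock config file plus the custom file named in the
# reply. The numeric values are illustrative only.
demo_effective_limit() {
    rules=$(mktemp -d) || return 1
    printf 'SecResponseBodyLimit 524288\n' \
        > "$rules/modsecurity_crs_10_config.conf"
    printf '# local override kept outside the upgraded file\nSecResponseBodyLimit 1048576\n' \
        > "$rules/modsecurity_crs_10_config_custom.conf"
    effective_directive "$rules" SecResponseBodyLimit
    rm -rf "$rules"
}

demo_effective_limit
```

If the reported file is not the custom one, the override file sorts before the file it is meant to override and needs a later name.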