[mod-security-users] Whitelisting an argument issue
From: rewt r. <re...@li...> - 2012-07-15 08:25:22
Hello,

I am actually setting up modsecurity for a website. I have to deal with false positives customization... For the exceptions based on LocationMatch + SecRuleRemoveById, no problems! But when I need to whitelist a POST/GET parameter I encounter troubles. I tried many possibilities but none of them succeeded. Apache restarts, but my whitelisted argument is not considered (still filtered).

The argument I want to blacklist is "msg" (as you can imagine, it's the content of a message posted by a user, so it may contain many false positives like smileys etc...).

Below are some rules I actually put in my modsecurity_crs_999 file:

    SecRule REQUEST_FILENAME "@streq /" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=*;ARGS:msg"

(not working, arg msg still filtered)

or

    SecRule REQUEST_FILENAME "@streq /" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=000000-999999;ARGS:msg"

(doesn't work)

    SecRuleUpdateTargetById * "!ARGS:msg"

(not working)

    SecRuleRemoveByMsg .*SQL.* "ARGS:msg"

(this one works but has the side effect of removing SQL detection for all the pages)

So, as you understood, I need to fully whitelist an argument and I can't; any help would be really appreciated. For your information, I can't whitelist the Location as it is an index.php file with many functions in the backend.

Thanks in advance.