Re: [mod-security-users] nginx and modsecurity custom rules not applied
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <RBa...@tr...> - 2013-11-01 12:32:29
|
From: george Nopicture <mad...@ho...<mailto:mad...@ho...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Friday, November 1, 2013 8:21 AM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: Re: [mod-security-users] nginx and modsecurity custom rules not applied Sorry list: My bad i hadn't set the default action to pass phase 1 to enable delayed blocking mode(aka anomaly scoring)- thought that was enabled by default. Custom rules working nicely SecRule REQUEST_URI " @contains /REST" "id:9000**,phase:1,t:none,nolog,pass,setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT DELETE',setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|text/html|application/json'" Neat job on modsecurity from the team(now i got to find why it breaks ajax post requests with content-type:text/plain or application/x-www-form-urlencoded in my app). You would need to modify this line in the 10 setup config file or override it for AJAX requests (like you are doing here with REST URLs) to add "text/plain" - https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/modsecurity_crs_10_setup.conf.example#L279 Not sure why application-x-form-urlencoded would be triggering though. Would have to look at an audit log event. -Ryan ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |