[mod-security-users] How to exclude two rules
Brought to you by:
victorhora,
zimmerletw
From: Peter M. A. <sup...@dy...> - 2006-09-28 18:35:19
|
Greetings: In addition to our own custom rules, we use rules from gotrootkit.com For http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf in particular there are two rules that a client application breaks: SecFilterSelective REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?" and SecFilterSelective REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?" As part of the path for the client application, it always has the following: /public/clickTrack.php How can I remove just those two rules? I tried SecFilterRemove from http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/03-configuration.html but I cannot individually label the above two rules as I get another error message (that prevents Apache from starting at all) stating the ID must be the first part of the chain. Please advise. Thank you. |