
How to whitelist a file or path to a file from all rules?

Rules
2017-10-11
  • Daniel Kolar

    Daniel Kolar - 2017-10-11

    Hello,

    when submitting new content via:
    mydomain.com/newarticle.php
    mydomain.com/newthread.php

    it triggers multiple "deny" mod_security rules. I do not want to tweak these rules in any way; instead I want to whitelist the mentioned files from blocking by mod_security.

    I tried to:
    1. create a new rule on top of all rules in /usr/local/apache/conf/modsec2.user.conf

    SecRule REQUEST_URI "newarticle|newthread" "id:1045787,phase:1,nolog,noauditlog,allow,ctl:ruleEngine=Off"
    

    This does not work; other rules still trigger a 403.
    Note that I also use Include files to pull in more rules from external .conf files. There is also this line: Include /usr/local/apache/conf/modsec2.whitelist.conf. Here is its content:

    <LocationMatch "/(newarticle\.php|newthread\.php)">
    SecRuleRemoveById 300012 212000 5000130
    </LocationMatch>
    
    2. edit the httpd.conf file to disable the mod. sec. engine on a certain path
      I tried this, but I am still blocked on that path by mod. sec.:
    <IfModule mod_security.c>
      <If "%{REQUEST_URI} =~ m#/newarticle/#">
        SecFilterEngine Off
        SecFilterScanPOST Off
      </If>
    </IfModule>
    
    <IfModule mod_security.c>
    <File newarticle.php>
    SecRequestBodyAccess Off
    </File>
    </IfModule>
    
    <IfModule mod_security.c>
    <FilesMatch "^(editpost|newreply|newthread)\.php$">
        SecFilterEngine Off
        SecFilterScanPOST Off
    </FilesMatch>
    </IfModule>
    

    Please, what is the correct rule to whitelist it?

    Apache/2.2.34
    security2_module
    ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
    ModSecurity: PCRE compiled version="8.38 "; loaded version="8.38 2015-11-23"
    ModSecurity: LUA compiled version="Lua 5.1"
    ModSecurity: LIBXML compiled version="2.9.2"


    Last edit: Daniel Kolar 2017-10-11
  • Daniel Kolar

    Daniel Kolar - 2017-10-15

    Here is the related issue: what worked was to edit the mod_security .conf file that contains the custom mod. sec. rules and add a special rule.

    # Disable ModSecurity for certain file names
    SecRule REQUEST_URI "(ajax.php|editpost.php|newthread.php|newpost.php|otherfilename.php)" "id:945998,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off"
    

    Though it would be better to whitelist the full path including the domain, not just the file name. But I am unsure how to do that right now.

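One way to do the host-scoped whitelist asked for above, as an added example (not code from this thread), in ModSecurity 2.x syntax: mydomain.com and the rule IDs 300012/212000/5000130 are taken from the first post, the rule IDs 1045800/1045801 and the "www." host variant are constructed placeholders.

```apache
# Added example, not from the thread. Load this file BEFORE the files that
# contain the deny rules (Include it above the other rule includes);
# a phase-1 deny rule placed earlier would still fire before this runs.
# Rule IDs 1045800/1045801 are constructed placeholders; pick free IDs.

# 1) Engine-off exclusion, scoped as narrowly as possible: only POSTs to the
#    two scripts, only on mydomain.com. REQUEST_FILENAME is used instead of
#    REQUEST_URI so a query string cannot break the anchored match, and the
#    dots are escaped so "newthreadXphp" does not match. The hit is logged
#    (log) so the exclusion stays visible in the error/audit log.
SecRule REQUEST_HEADERS:Host "@rx ^(?:www\.)?mydomain\.com$" \
    "id:1045800,phase:1,pass,log,msg:'Inspection disabled for article/thread submit',chain"
    SecRule REQUEST_FILENAME "@rx ^/(?:newarticle|newthread)\.php$" "chain"
        SecRule REQUEST_METHOD "@streq POST" "ctl:ruleEngine=Off"

# 2) Safer alternative: keep the engine on for those scripts and drop only
#    the rule IDs that actually fire on them (the IDs quoted in the first
#    post); every other rule still inspects the request.
SecRule REQUEST_HEADERS:Host "@rx ^(?:www\.)?mydomain\.com$" \
    "id:1045801,phase:1,pass,nolog,chain"
    SecRule REQUEST_FILENAME "@rx ^/(?:newarticle|newthread)\.php$" \
        "ctl:ruleRemoveById=300012,ctl:ruleRemoveById=212000,ctl:ruleRemoveById=5000130"
```

Use either block, not both; with both present rule 1045800 switches the engine off first and rule 1045801 never matters for POSTs.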
  • Chaim Sanders

    Chaim Sanders - 2017-10-16

    Hey @Daniel Kolar,
    This forum isn't supported anymore. If you have any further questions please reach out on the ModSecurity Github page. Thanks!

