Thanks for the response. Our web host got back to me with some information that was very helpful. You can add your own id to these types of rules. I changed:
SecRule REQUEST_URI "\.php" chain
SecRule REQUEST_URI "\.php" "chain,id:1000001"
Now, I can whitelist with the following:
<LocationMatch /mypage.php>
SecRuleRemoveById 1000001
</LocationMatch>
The only thing you need to be careful with is the ID. You have to make sure you don’t duplicate any of them or Apache will have issues.
Looks like the GotRoot/AtomicCorp rules. I would suggest that you seek help on their forum - https://www.atomicorp.com/forums/viewforum.php?
All the rules in the OWASP ModSecurity Core Rule Set (CRS) have a rule ID assigned for reasons such as this.
FYI - depending on your ModSecurity version, newer releases also have the ability to disable rules based also on the msg or tag data -
ModSecurity Project Lead
OWASP ModSecurity CRS Project Leader
I am a new user to mod security as we just switched to a new server with cPanel. I’ve been trying to configure the whitelists since there are some false positives that need to be addressed. We are running into an issue where some rules have no ID or message so we can’t whitelist them. Our web host’s solution is to disable mod security for a particular URI. This is not ideal. It seems that most of the rules without an ID are in the file modsec2.user.conf and look like this (this is one that caused an issue):
#PHP Injection Attack generic signature
SecRule REQUEST_URI "\.php" chain
SecRule REQUEST_URI|REQUEST_BODY "(\?((LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|path|pathtoroot|cat|pagina|path|include_location|root|page|gorumDir|site|topside|pun_root|open|seite)=(http|https|ftp)\:/|(cmd|command)=(cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget |lwp-(download|request|mirror|rget) |uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc|g\+\+ |\./|whoami|killall |rm \-[a-z|A-Z]))"
1.) Is there anything we can do to whitelist just this rule for a particular URI or domain?
2.) Are these rules necessary as they seem like they are user added/not part of the core?
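Added example, not part of the original thread: a small Python check for the two problems raised above, rules in a file such as modsec2.user.conf that carry no id (so SecRuleRemoveById cannot target them) and ids that are used more than once. The sample rules are constructed and shortened from the ones quoted in the thread, and the name audit_rule_ids is hypothetical.

```python
import re
import shlex
from collections import Counter

# Constructed sample: an id-less chain, the same chain with an id added,
# and a third (made-up) rule that reuses that id.
SAMPLE_CONF = r'''
#PHP Injection Attack generic signature
SecRule REQUEST_URI "\.php" chain
SecRule REQUEST_URI|REQUEST_BODY "(cmd|command)=(wget |curl )"

SecRule REQUEST_URI "\.php" "chain,id:1000001"
SecRule REQUEST_URI|REQUEST_BODY "(cmd|command)=(wget |curl )"

SecRule ARGS "etc/passwd" "deny,id:1000001"
'''

ID_RE = re.compile(r"(?:^|,)\s*id:'?(\d+)")
CHAIN_RE = re.compile(r"(?:^|,)\s*chain\s*(?:,|$)")

def audit_rule_ids(conf_text):
    """Return (line numbers of SecRules lacking an id, sorted duplicate ids)."""
    missing, seen = [], Counter()
    in_chain = False            # True while reading the later links of a chain
    buf, start = "", 0
    for n, raw in enumerate(conf_text.splitlines(), 1):
        if not buf:
            start = n           # first physical line of this directive
        buf += raw.strip()
        if buf.endswith("\\"):  # Apache line continuation
            buf = buf[:-1] + " "
            continue
        line, buf = buf, ""
        if not line.startswith("SecRule "):
            continue            # comments, SecRuleRemoveById, other directives
        tokens = shlex.split(line)   # SecRule VARIABLES OPERATOR [ACTIONS]
        actions = tokens[3] if len(tokens) > 3 else ""
        rule_id = ID_RE.search(actions)
        if not in_chain:        # only the rule that starts a chain carries the id
            if rule_id:
                seen[rule_id.group(1)] += 1
            else:
                missing.append(start)
        in_chain = bool(CHAIN_RE.search(actions))
    return missing, sorted(i for i, c in seen.items() if c > 1)

if __name__ == "__main__":
    print(audit_rule_ids(SAMPLE_CONF))
```
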