Ok im not really good at this im trying to override one of the rules to not check for urls in the request which some of the scripts use

SecRuleRemoveById 50905 300018 300040 50013 10006
SecRule ARGS (!referer) "chain,auditlog,id:300018,rev:3,severity:2,msg:'(gotroot/rules.conf) Generic PHP code injection protection via ARGS'"
SecRule ARGS "(ht|f)tps?:/")


so dont check when there is a referer= however im getting this

Error parsing actions: Unknown action: )

I wonder how its possible to chain the current rule to not filter for that argument only ?



Ofer Shezaf wrote:

 

'SecFilterEngine' is a 1.9.x directive. You got it right and SecRuleEngine is the correct directive for ModSecurity 2.x. Sorry for the typo.

 

~ Ofer

 


From: mod-security-users-bounces@lists.sourceforge.net [mailto:mod-security-users-bounces@lists.sourceforge.net] On Behalf Of Dan Rossi
Sent: Monday, November 27, 2006 8:15 AM
To: Ivan Ristic
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] mod-security-users Digest, Vol 6, Issue 22

 

Ivan Ristic wrote:

On 11/21/06, Dan Rossi <spam@electroteque.org> wrote:

Ivan Ristic wrote:
>
> It is documented and it works. However, "SecFilterInheritance"
> prevents the rules from being inherited from the parent context but it
> does nothing to the configuration options. The configuration settings
> are always inherited. If you want something different to happen just
> provide different configuration. So, in your case you could do
> something like:
>
> <Location /signup>
> SecFilterInheritance Off
> SecFilterForceByteRange 0 255
> </Location>
>

Ok what im saying here is, every rule set as default will have to be
overwritten as u have here, ie the ones we need to override for etc, so
mod sec cant be turned off per virtualhost for instance ?


Sure it can:

<VirtualHost whatever>
   SecFilterEngine Off
   SecAuditEngine Off
</VirtualHost>

Hi Ivan, i just put these rules  inside virtualhost for mod sec 2 and i get this

Invalid command 'SecFilterEngine', perhaps mis-spelled or defined by a module not included in the server configuration


if i do

SecRuleEngine Off
SecAuditEngine Off


its ok however for some of our zend encoded files something happens with the posts, i dont get any errors but it seems modsec is doing something even though ive turned if off in that path and redirects back to the file . I cant go into the code and look because its encoded and there is no log :\