Some other options:

SecRule ARGS|ARGS_NAMES "^http:/" "chain,..."
SecRule ARGS:option "!^com_resize$"

NOTE: this may require option arg - I did not have time to verify

OR

SecRule ARGS:option "^com_resize$" "pass,nolog,phase:1,ctl:ruleRemoveById=1234"
SecRule ARGS|ARGS_NAMES "^http:/" "id:1234,..."

later,
-B


Leon Bogaert wrote:
Hi Christian,

Thank you very much! I'm gonna try this tomorrow!

Leon

________________________________________
From: Christian Bockermann [chris@jwall.org]
Sent: 24 October 2009 13:07
To: Leon Bogaert
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] disable rule based on arg - Email found in subject

Hi Leon,

you could for instance use the "skip" action:

        SecRule ARGS:option "^com_resize$" "skip:1"
        SecRule ARGS|ARGS_NAMES "^http:/"

The first rule should skip the evaluation of the second one if
option=='com_resize'.

As you second rule seems to watch for remote references, you may want
to make sure to limit
the possible allowed remote-references for requests containing
"option=='com_resize'" instead
of completely skipping this rule.

Best regards,
     Chris


Am 23.10.2009 um 13:39 schrieb Leon Bogaert:

  
Hi all,

I have this rule for mod_security2:
SecRule ARGS|ARGS_NAMES "^http:/"

But I would like to disable it if the "option" arg == 'com_resize'
So if the request containst option=com_resize I would like to
disable the above rule.

I tried searching on google but I only found out how to disable
specific rules for specific locations.

Thanks in advance!

Leon

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart
your
developing skills, take BlackBerry mobile applications to market and
stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
    


------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
  

-- 
Brian Rectanus
Breach Security