Please ignore this - my mistake here - apologies
On 30/08/11 15:07, kwenu wrote:> <pre wrap>
> Hi
>
> I have an install of modsecurity on Centos 5.5
>
> Spec:
> modsecurity 2.6.0
> CRS 2.2.1
>
> modsecurity_crs_60_customrules.conf has the following rules in it -
>
> SecRuleUpdateTargetById 981211 !REQUEST_COOKIES:"/^xxxx/"
>
> However i see no evidence from audit file or audit debug file (debug set
> to 9) that this is being honored.
>
> I currently look after about 1000+ machines and the traffic is huge.
> Therefore i do not want FPs for session cookies that are legit.
>
> Can someone assist me here. Why aren't my custom rules being run.
>
> I also used the following rule:
> SecRuleUpdateTargetById 981211 "t:none,pass,nolog" but this rule is
> still being executed
>
> We are currently put modsecurity in its paces are are using the
> following rules:
>
> modsecurity_35_bad_robots.data
> modsecurity_35_scanners.data
> modsecurity_40_generic_attacks.data
> modsecurity_41_sql_injection_attacks.data
> modsecurity_46_slr_et_lfi.data
> modsecurity_46_slr_et_rfi.data
> modsecurity_46_slr_et_sqli.data
> modsecurity_46_slr_et_xss.data
> modsecurity_46_slr_lfi.data
> modsecurity_46_slr_rfi.data
> modsecurity_46_slr_sqli.data
> modsecurity_46_slr_xss.data
> modsecurity_crs_10_config.conf
> modsecurity_crs_10_ignore_static.conf
> modsecurity_crs_11_avs_traffic.conf
> modsecurity_crs_11_proxy_abuse.conf
> modsecurity_crs_13_xml_enabler.conf
> modsecurity_crs_15_customrules.conf
> modsecurity_crs_20_protocol_violations.conf
> modsecurity_crs_21_protocol_anomalies.conf
> modsecurity_crs_23_request_limits.conf
> modsecurity_crs_25_cc_known.conf
> modsecurity_crs_25_cc_track_pan.conf
> modsecurity_crs_30_http_policy.conf
> modsecurity_crs_35_bad_robots.conf
> modsecurity_crs_40_generic_attacks.conf
> modsecurity_crs_41_sql_injection_attacks.conf
> modsecurity_crs_41_xss_attacks.conf
> modsecurity_crs_45_trojans.conf
> modsecurity_crs_46_lfi_attacks.conf
> modsecurity_crs_46_rfi_attacks.conf
> modsecurity_crs_46_slr_et_lfi_attacks.conf
> modsecurity_crs_46_slr_et_rfi_attacks.conf
> modsecurity_crs_46_slr_et_sqli_attacks.conf
> modsecurity_crs_46_slr_et_xss_attacks.conf
> modsecurity_crs_46_xss_attacks.conf
> modsecurity_crs_47_common_exceptions.conf
> modsecurity_crs_49_inbound_blocking.conf
> modsecurity_crs_60_correlation.conf
> modsecurity_crs_60_customrules.conf
>
> Thanks
>
> Senior System Administrator
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Special Offer -- Download ArcSight Logger for FREE!
> Finally, a world-class log management solution at an even better
> price-free! And you'll get a free "Love Thy Logs" t-shirt when you
> download Logger. Secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsisghtdev2dev
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/application-security.php
>
> </pre></body>
> </html>
> </html>