Hello,

I think you have two choices:

1 - Also call the rule inside <Directory>
2 - Put SecRuleUpdateTargetById in the main context.

This is a known issue: https://github.com/SpiderLabs/ModSecurity/issues/89

Thanks

Breno


On Thu, Aug 8, 2013 at 2:59 PM, Kelvin Yang <KYang@appsecinc.com> wrote:
Hello everyone,

I am new to modsecurity and would like some help. I am trying to fix a false positive using SecRuleUpdateTargetById.

My modsecurity is 2.6.8 and I am using OWASP CRS 2.2.5 on CentOS.

Following https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecRuleUpdateTargetById, I have the following in a file called modsecurity_crs_15_customrules.conf.

<Directory "/var/www/mywebsite/">
SecRuleUpdateTargetById 981172 "!REQUEST_COOKIES:/_cookietoignore_/"
</Directory>

No matter how I slice it, I cannot get this to work with the modsecurity_crs_15_customrules.conf file. I tried it with the directive and without and nothing worked. After a while, I decided to put the rule (without the directive) in mod_security.conf under /etc/httpd/. Putting the rule in mod_security.conf worked. Modsecurity ignores the cookie.

Does anyone know why the customrules config file is not working? I can confirm that mod_security.conf has an include for the file so it is reading it.

Thank you,
Kelvin

_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
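
The two choices from the reply, laid out next to the configuration that did not work. This is an added example, not part of the original thread; the Include paths are placeholders (assumptions), while the rule ID, cookie pattern and directory come from the question.

```apache
# Constructed example. Use ONE of the two choices below, not both.

# --- What the thread reports as not working on ModSecurity 2.6.8 ---
# Rule 981172 is loaded in the main server context, but the target update
# sits only inside <Directory> (see issue #89 linked in the reply).
#
#   Include /path/to/crs/*.conf                     # placeholder path
#   <Directory "/var/www/mywebsite/">
#       SecRuleUpdateTargetById 981172 "!REQUEST_COOKIES:/_cookietoignore_/"
#   </Directory>

# --- Choice 2: put the update in the main context ---
# This matches what worked for the poster (directive in mod_security.conf,
# outside any <Directory>). It is placed after the Include that loads
# rule 981172, so the rule already exists when the update is parsed.
Include /path/to/crs/*.conf                         # placeholder path
SecRuleUpdateTargetById 981172 "!REQUEST_COOKIES:/_cookietoignore_/"

# --- Choice 1: load the rule inside the same <Directory> as the update ---
# Rule and update then share one context. The file name is a placeholder
# for whichever CRS file defines rule 981172 in your install.
#
#   <Directory "/var/www/mywebsite/">
#       Include /path/to/crs/file-defining-981172.conf
#       SecRuleUpdateTargetById 981172 "!REQUEST_COOKIES:/_cookietoignore_/"
#   </Directory>
```

With choice 2 the exclusion applies server-wide rather than only under /var/www/mywebsite/, so keep the cookie pattern as narrow as possible and confirm in the audit log that 981172 still fires on other cookies.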