Re: [mod-security-users] disable rule based on arg - Email found in subject - Email found in subjec
From: Leon B. <le...@ti...> - 2009-10-25 11:28:41
Hi Brian,

The first rule indeed needs an option arg. Is it possible to chain another rule so the option arg is not required?

I now have this:

    SecRule ARGS:option "^com_resize$" "pass,skip:1"
    SecRule ARGS|ARGS_NAMES "^http:/"

But I like the syntax of the chain command better.

Leon

________________________________________
From: Brian Rectanus [Bri...@br...]
Sent: 24 October 2009 23:20
To: Leon Bogaert
Cc: Christian Bockermann; mod...@li...
Subject: Re: [mod-security-users] disable rule based on arg - Email found in subject - Email found in subject

Some other options:

    SecRule ARGS|ARGS_NAMES "^http:/" "chain,..."
    SecRule ARGS:option "!^com_resize$"

NOTE: this may require option arg - I did not have time to verify

OR

    SecRule ARGS:option "^com_resize$" "pass,nolog,phase:1,ctl:ruleRemoveById=1234"
    SecRule ARGS|ARGS_NAMES "^http:/" "id:1234,..."

later,
-B

Leon Bogaert wrote:

Hi Christian,

Thank you very much! I'm gonna try this tomorrow!

Leon

________________________________________
From: Christian Bockermann [ch...@jw...]
Sent: 24 October 2009 13:07
To: Leon Bogaert
Cc: mod...@li...
Subject: Re: [mod-security-users] disable rule based on arg - Email found in subject

Hi Leon,

you could for instance use the "skip" action:

    SecRule ARGS:option "^com_resize$" "skip:1"
    SecRule ARGS|ARGS_NAMES "^http:/"

The first rule should skip the evaluation of the second one if option=='com_resize'.

As your second rule seems to watch for remote references, you may want to make sure to limit the possible allowed remote-references for requests containing "option=='com_resize'" instead of completely skipping this rule.

Best regards,
Chris

On 23.10.2009 at 13:39, Leon Bogaert wrote:

Hi all,

I have this rule for mod_security2:

    SecRule ARGS|ARGS_NAMES "^http:/"

But I would like to disable it if the "option" arg == 'com_resize'

So if the request contains option=com_resize I would like to disable the above rule.

I tried searching on Google but I only found out how to disable specific rules for specific locations.

Thanks in advance!

Leon

_______________________________________________
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

--
Brian Rectanus
Breach Security
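
The three rule arrangements from this thread, run through a simplified Python model of rule matching; this is an added example, not code from the thread or from ModSecurity. It assumes what Leon reports above, that a rule targeting ARGS:option does not match when the request has no option argument, even with a negated operator; the sample requests and function names are constructed.

```python
import re

RFI = re.compile(r"^http:/")          # pattern from the thread
RESIZE = re.compile(r"^com_resize$")  # pattern from the thread

def rfi_hit(args):
    """SecRule ARGS|ARGS_NAMES "^http:/": any argument name or value matches."""
    return any(RFI.search(s) for pair in args for s in pair)

def option_rule(args, negate=False):
    """SecRule ARGS:option "[!]^com_resize$" in this simplified model.

    Assumption (as reported in the thread): with no "option" argument there
    is nothing to test, so the rule does not match, negated or not.
    """
    values = [v for k, v in args if k == "option"]
    return any(bool(RESIZE.search(v)) != negate for v in values)

def skip_variant(args):
    """Rule 1 matches -> skip:1 jumps over the ^http:/ rule."""
    if option_rule(args):
        return False
    return rfi_hit(args)

def chain_variant(args):
    """^http:/ rule chained to ARGS:option "!^com_resize$"; both must match."""
    return rfi_hit(args) and option_rule(args, negate=True)

def ctl_variant(args):
    """Rule 1 matches -> ctl:ruleRemoveById drops the ^http:/ rule for this request."""
    removed = option_rule(args)
    return (not removed) and rfi_hit(args)

# Constructed sample requests as (name, value) pairs.
REQUESTS = {
    "resize": [("option", "com_resize"), ("src", "http://img.example/a.png")],
    "other_option": [("option", "com_content"), ("file", "http://host.example/x")],
    "no_option": [("file", "http://host.example/x")],
    "clean": [("option", "com_content"), ("id", "7")],
}

def evaluate():
    """Return {request: (skip, chain, ctl)}; True means the ^http:/ rule fires."""
    return {name: (skip_variant(a), chain_variant(a), ctl_variant(a))
            for name, a in REQUESTS.items()}

if __name__ == "__main__":
    for name, (skip, chain, ctl) in evaluate().items():
        print(f"{name:13} skip={skip} chain={chain} ctl={ctl}")
```

The `no_option` request is the case Brian's note flags: in this model the chained form stays silent when the option argument is missing, while the skip and ctl forms still fire.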