Re: [mod-security-users] beginner question: Finding out rule id numbers!?
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <rya...@br...> - 2010-01-27 16:32:49
|
On Wednesday 27 January 2010 11:25:44 am Tom wrote: > Hi everyone > > I hope that someone can help me either by answering my question or pointing > me to an FAQ or Guide of some sort. > > What I'd like accomplished is fairly simple. A php based website that I ran > requires complex data entry by a handful of users via php scripts. Those > get blocked by mod_sec, but are false positives. The ips of the users > change too often to white list them via ip. So what I'd like done is to > remove the rules that are triggered for specific directories (right now I > have the entire engine turned of for those directories). > > My question is: How do I find out the rule numbers so that I can use the > 'SecRuleRemoveById' inside the tag: <Directory /home/www/dir/> > </Directory> ? > > I look through the logs in WMD and cannot find the ID #'s. I tried fixing > the rules using the guide: > http://www.modsecurity.org/blog/archives/2007/02/handling_false.html > > but I do not understand it fully, as it's a bit complicated. > > Hope you can help, so far mod_sec has been keeping me safe and happy! > > Kind regards > > Tom > > p.s > > of course that if you have a different way to accomplish this please do > share. > Tom, What rules are you using? The Core Rule Set (CRS)? If you could send some log examples of the false positives it would help. Additionally, if you are using the CRS and it is causing the issues, we have a separate mail-list for it - https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule- set -Ryan |