[mod-security-users] custom rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] custom rules
|
From: <ja...@je...> - 2010-04-08 11:12:32
|
Hi,
>From the documents:
It is highly encouraged that you do not edit the Core rules files
themselves but rather place all
changes (such as SecRuleRemoveByID, etc...) in your custom rules file
modsecurity_crs_15_customrules.conf
Thus i create a file modsecurity_crs_15_customrules.conf and try to remove
a rule that cause blocking.
But it don't work:
Example Usage: SecRuleRemoveByID 1 2 "9000-9010"
Example Usage: SecRuleRemoveByMsg "FAIL"
if i want to block rule:
SecRule REQUEST_METHOD "^(?:GET|HEAD)$"
"chain,phase:2,t:none,block,nolog,auditlog,status:400,msg:'GET or HEAD
requests with bodies',
severity:'2',id:'960011',tag:'PROTOCOL_VIOLATION/EVASION'"
SecRule REQUEST_HEADERS:Content-Length "!^0?$"
"t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.protocol_violation_score=+1,setvar:tx.anomaly_score=+5,setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_HREQ-%{matched_var_name}=%{matched_var}"
then i wrote this in modsecurity_crs_15_customrules.conf and place in
/usr/local/apache/conf/modsecurity/base_rules
SecRuleRemoveByID 960011
SecRuleRemoveByMsg "GET or HEAD requests with bodies"
is it correct?
many thanks
Jay
This e-mail is intended solely for the addressee. If you have received
this e-mail in error, please notify the sender by reply e-mail and
immediately delete it from your system.
|