Re: [mod-security-users] Any potential risk of just passing the request to static content?
From: Ryan B. <rya...@br...> - 2010-05-25 21:32:15
On Tuesday 25 May 2010 15:51:13 John Li wrote:
> Hi,
>
> I found CRS generated quite a lot of alerts for the requests to static
> content, so I created a rule to just allow them.
>
> SecRule REQUEST_URI "^(?:/javascripts|/favicon\.ico|/images|/stylesheets|/logos|/documents|/static)" "phase:1,allow,ctl:auditEngine=off"
>
> My assumption is that static content access should have very little chance
> of causing a security issue in the web application. Can you please let me know
> if there is any potential risk? Is this a good practice in a WAF?
>

This is fine and it will cut down on the logging and false positives. You just want to make sure that you get your list of static files set correctly.

> BTW, is there a document that explains the CRS rule set in more detail?
>

Check out the CRS project page on the OWASP site and sign up for the CRS mail-list - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

-Ryan

> Thanks.
>
> --
> John Jun Li
> jl...@jl...
>
> My Blog: http://www.jlisbz.com
> My LinkedIn Profile: http://www.linkedin.com/in/johnjunli
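Ryan's advice to get the list of static paths exactly right is worth checking before the rule goes live, because the posted regex is a bare prefix match. The following script is an added example (not from the thread or from ModSecurity) that runs the posted pattern and a tightened variant over constructed sample URIs; the tightened pattern and the sample paths are assumptions for illustration.

```python
import re

# Regex from the rule posted in the thread: a bare prefix match on REQUEST_URI.
POSTED = re.compile(
    r"^(?:/javascripts|/favicon\.ico|/images|/stylesheets|/logos|/documents|/static)"
)

# Tightened variant (an added suggestion, not from the thread): each directory
# prefix must be followed by "/", "?" or end of string, and favicon.ico must be
# the whole path, so look-alike paths such as /images_admin no longer match.
TIGHTENED = re.compile(
    r"^(?:/javascripts|/images|/stylesheets|/logos|/documents|/static)(?:[/?]|$)"
    r"|^/favicon\.ico(?:\?|$)"
)

def is_allowed(pattern, request_uri):
    """True if this phase:1 rule would fire and allow the transaction.

    ModSecurity's REQUEST_URI variable includes the query string, so the
    full URI is matched here, exactly as the engine would see it.
    """
    return pattern.search(request_uri) is not None

def compare(request_uris):
    """Return {uri: (allowed_by_posted, allowed_by_tightened)} for each URI."""
    return {u: (is_allowed(POSTED, u), is_allowed(TIGHTENED, u)) for u in request_uris}

# Constructed sample URIs: genuine static assets plus look-alike paths that the
# bare prefix match would allow, skipping the remaining CRS rules for them.
SAMPLE_URIS = [
    "/images/logo.png?v=3",      # static asset: both allow
    "/favicon.ico",              # static asset: both allow
    "/static/js/app.js",         # static asset: both allow
    "/images_admin/upload",      # prefix look-alike: posted allows, tightened does not
    "/staticreport.php?id=7",    # prefix look-alike: posted allows, tightened does not
    "/documents.php",            # prefix look-alike: posted allows, tightened does not
    "/index.php?page=images",    # not under a static prefix: neither allows
]

if __name__ == "__main__":
    for uri, (posted, tightened) in compare(SAMPLE_URIS).items():
        print(f"{uri:28} posted={posted!s:5} tightened={tightened}")
```

Running it lists which URIs each pattern would exempt from further inspection, so the allowlist can be reviewed against the site's real static directories before deployment.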