Re: [mod-security-users] Custom rules are being ignored
From: kwenu <uz...@ya...> - 2011-08-30 14:25:25

Please ignore this - my mistake here - apologies.

On 30/08/11 15:07, kwenu wrote:
> Hi
>
> I have an install of modsecurity on CentOS 5.5
>
> Spec:
> modsecurity 2.6.0
> CRS 2.2.1
>
> modsecurity_crs_60_customrules.conf has the following rules in it -
>
> SecRuleUpdateTargetById 981211 !REQUEST_COOKIES:"/^xxxx/"
>
> However I see no evidence from audit file or audit debug file (debug set
> to 9) that this is being honored.
>
> I currently look after about 1000+ machines and the traffic is huge.
> Therefore I do not want FPs for session cookies that are legit.
>
> Can someone assist me here? Why aren't my custom rules being run?
>
> I also used the following rule:
> SecRuleUpdateTargetById 981211 "t:none,pass,nolog" but this rule is
> still being executed
>
> We are currently putting modsecurity through its paces and are using the
> following rules:
>
> modsecurity_35_bad_robots.data
> modsecurity_35_scanners.data
> modsecurity_40_generic_attacks.data
> modsecurity_41_sql_injection_attacks.data
> modsecurity_46_slr_et_lfi.data
> modsecurity_46_slr_et_rfi.data
> modsecurity_46_slr_et_sqli.data
> modsecurity_46_slr_et_xss.data
> modsecurity_46_slr_lfi.data
> modsecurity_46_slr_rfi.data
> modsecurity_46_slr_sqli.data
> modsecurity_46_slr_xss.data
> modsecurity_crs_10_config.conf
> modsecurity_crs_10_ignore_static.conf
> modsecurity_crs_11_avs_traffic.conf
> modsecurity_crs_11_proxy_abuse.conf
> modsecurity_crs_13_xml_enabler.conf
> modsecurity_crs_15_customrules.conf
> modsecurity_crs_20_protocol_violations.conf
> modsecurity_crs_21_protocol_anomalies.conf
> modsecurity_crs_23_request_limits.conf
> modsecurity_crs_25_cc_known.conf
> modsecurity_crs_25_cc_track_pan.conf
> modsecurity_crs_30_http_policy.conf
> modsecurity_crs_35_bad_robots.conf
> modsecurity_crs_40_generic_attacks.conf
> modsecurity_crs_41_sql_injection_attacks.conf
> modsecurity_crs_41_xss_attacks.conf
> modsecurity_crs_45_trojans.conf
> modsecurity_crs_46_lfi_attacks.conf
> modsecurity_crs_46_rfi_attacks.conf
> modsecurity_crs_46_slr_et_lfi_attacks.conf
> modsecurity_crs_46_slr_et_rfi_attacks.conf
> modsecurity_crs_46_slr_et_sqli_attacks.conf
> modsecurity_crs_46_slr_et_xss_attacks.conf
> modsecurity_crs_46_xss_attacks.conf
> modsecurity_crs_47_common_exceptions.conf
> modsecurity_crs_49_inbound_blocking.conf
> modsecurity_crs_60_correlation.conf
> modsecurity_crs_60_customrules.conf
>
> Thanks
>
> Senior System Administrator