Re: [mod-security-users] How ignore static content? - OWASP/CRS
From: Reindl H. <h.r...@th...> - 2016-07-15 15:49:23
SecRule REQUEST_BASENAME "\.(avi|css|csv|doc|docx|eot|flv|gif|htm|html|ico|jpeg|jpg|m4v|mp3|mp4|mpeg|mpg|otf|pdf|png|svg|svgz|ttf|txt|wma|wmv|woff|xls|xlsx)$" "id:'90',phase:1,nolog,allow,ctl:ruleEngine=off"

and *no*, don't do that for .js

On 15.07.2016 at 17:35, Cristiano Galdino wrote:
> Hi there,
>
> I'm using CRS 2.2.8 and activated all base_rules and
> optional_rules/*modsecurity_crs_10_ignore_static.conf*, but it also matches
> events in static content.
>
> FILE *modsecurity_crs_10_ignore_static.conf*:
>
> SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,skip:1,pass,nolog,id:'900040',severity:'6'"
>     SecRule &ARGS "@eq 0" "t:none,setvar:tx.no_parameters=1"
> SecAction "phase:2,id:'900041',t:none,nolog,pass,skipAfter:END_STATIC_CONTENT_CHECK"
> SecRule REQUEST_FILENAME "\.(?:(?:jpe?|pn)g|gif|ico)$" "phase:2,t:none,t:lowercase,allow,nolog,id:'900042',severity:'6'"
> SecRule REQUEST_FILENAME "\.(?:doc|pdf|txt|xls)$" "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'900043',severity:'6'"
> SecRule REQUEST_FILENAME "\.(?:(?:cs|j)s|html?)$" "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'999005',severity:'6'"
> SecRule REQUEST_FILENAME "\.(?:mp(?:e?g|3)|avi|flv|swf|wma)$" "phase:2,t:none,t:lowercase,allow,nolog,id:'999006',severity:'6'"
> SecMarker END_STATIC_CONTENT_CHECK