Re: [mod-security-users] Selective "DetectionOnly"
From: Christian F. <chr...@ne...> - 2017-12-22 17:07:44
Hey Ed,

The way I write the whitelisting rules I use in production is that I separate the rules from the action. That way I can switch the action lever (detection / blocking) with a single config item.

I do not see any conceptual problem to use multiple variables to track violations. One for the final blocking action and one for the final log-only action.

Best,

Christian

On Fri, Dec 22, 2017 at 01:39:59PM +0000, Ed Greenberg wrote:
> Hi Folks,
>
> Once we have our rules in blocking, rather than DetectionOnly mode,
> we'd like to start reviewing some of our whitelisted rules. Is it
> possible to bring individual rules back but in detection only, or is
> that an all-or-nothing setting? Can somebody give an example of how to
> set this up?
>
> Thanks,
>
> Ed
>
> --
> Ed Greenberg | Web Developer and Linux System Administrator
> HAPPY Software, Inc. l Work HAPPY-er!
> t. 888-484-2779 l f. 518-584-5388

--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini
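One way to set up the separation described in the reply above, as an added example that is not code from the thread or from its author. It is ModSecurity 2.x configuration; the rule ids, patterns, parameter names and the TX variable names (`block_score`, `detect_score`, `enforce`) are constructed assumptions.

```apache
# Added illustration; rule ids, patterns and TX variable names are constructed.
SecRuleEngine On

# The single lever: tx.enforce=1 blocks, tx.enforce=0 makes the whole set log-only.
SecAction "id:100000,phase:1,pass,nolog,\
    setvar:tx.block_score=0,\
    setvar:tx.detect_score=0,\
    setvar:tx.enforce=1"

# Established rule: a violation counts toward the blocking variable.
# The rule itself only logs and passes; it never blocks on its own.
SecRule ARGS:id "!@rx ^[0-9]{1,10}$" \
    "id:100010,phase:2,pass,log,t:none,\
    msg:'Parameter id is not numeric',\
    setvar:tx.block_score=+1"

# Rule brought back for review: a violation counts toward the log-only variable.
SecRule ARGS:comment "@rx [<>]" \
    "id:100020,phase:2,pass,log,t:none,\
    msg:'Angle bracket in comment (rule under review)',\
    setvar:tx.detect_score=+1"

# Decision rules. They must come after every detection rule of phase 2,
# because rules within a phase run in configuration order.
SecRule TX:block_score "@gt 0" \
    "id:100090,phase:2,deny,status:403,log,\
    msg:'Blocking: %{tx.block_score} violation(s)',chain"
    SecRule TX:enforce "@eq 1"

SecRule TX:detect_score "@gt 0" \
    "id:100091,phase:2,pass,log,\
    msg:'Log-only: %{tx.detect_score} violation(s) in rules under review'"
```

Promoting a reviewed rule to blocking then means changing its `setvar` target from `tx.detect_score` to `tx.block_score`, without touching the decision rules.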