[mod-security-users] Adjust Anomaly Threshold on Cookies?

[leon m. <mig...@ya...>]

Despite a ton of Googling, reading the Modsecurity Handbook and trial and error I still can't figure out if I can adjust sensitivity to specific rules on specific cookies.Our false positives seem to be caused by rules 981260 and 981231 finding matches in the XSRF token cookies automatically made by our website's framework. I can disable the rules for the cookies, but I'd like to know if I can just make the existing ones less sensitive for specific cookie names so there's still some security in place.The following rule crashes with the error 'Rules must have at least id action'SecRule REQUEST_COOKIES:EXAMPLE-NAME "phase:2,id:108,t:none,setvar:tx.inbound_anomaly_score_level=25,pass,log"What's the best way to handle these cookies or this situation?