Hey Marki,
On Mon, Feb 26, 2018 at 11:09:38PM +0100, jm+...@ro... wrote:
> Can anyone elaborate on that?
>
> If you specify say
>
> 1) SecRule some_variable some_operator "some_action,phase:1,id:4"
> 2) SecRule some_variable some_operator "some_action,phase:2,id:5"
> 3) SecRule some_variable some_operator "some_action,phase:1,id:5"
> 4) SecRule some_variable some_operator "some_action,phase:2,id:4"

You have a rule id collision here.

> The order of execution is pretty clear, is it not? 1 -> 3 -> 4 -> 2

No, if you remove the id collision to make it syntactically correct you get
1 -> 3 -> 2 -> 4

It's the order of the phases and then top down. The rule id is irrelevant.

If you spread rules over Server context, virtual host and containers, then
inheritance starts to play a role and I suggest you try things out to be
really sure about the order.

Ahoj,

Christian
--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini
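
The ordering described in the reply above, as an added example that is not part of the original message or of ModSecurity itself: a small checker that reads rule lines top down, reports rule id collisions, and lists the execution order by phase and then by position. It assumes a single flat configuration (no inheritance between server context, virtual hosts and containers), no chained rules, and phase 2 when a rule names no phase; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed input: the four rules from the question, in file order.
QUESTION_RULES = '''\
SecRule some_variable some_operator "some_action,phase:1,id:4"
SecRule some_variable some_operator "some_action,phase:2,id:5"
SecRule some_variable some_operator "some_action,phase:1,id:5"
SecRule some_variable some_operator "some_action,phase:2,id:4"
'''

PHASE_ALIASES = {"request": 2, "response": 4, "logging": 5}
DEFAULT_PHASE = 2  # assumption: no SecDefaultAction overrides the phase


def parse_rules(text):
    """Return (position, rule_id, phase) per SecRule/SecAction line, top down."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(("SecRule ", "SecAction ")):
            continue
        # The action list is the last double-quoted string on the line.
        actions = re.search(r'"([^"]*)"\s*$', line)
        actions = actions.group(1) if actions else ""
        rid = re.search(r"\bid:'?(\d+)", actions)
        phase = re.search(r"\bphase:'?(\w+)", actions)
        value = phase.group(1) if phase else str(DEFAULT_PHASE)
        number = PHASE_ALIASES.get(value) or int(value)
        rules.append((len(rules) + 1, int(rid.group(1)) if rid else None, number))
    return rules


def id_collisions(rules):
    """Map each rule id used more than once to the positions that use it."""
    seen = defaultdict(list)
    for position, rid, _ in rules:
        if rid is not None:
            seen[rid].append(position)
    return {rid: pos for rid, pos in seen.items() if len(pos) > 1}


def execution_order(rules):
    """Positions sorted by phase, then by place in the file; ids play no part."""
    return [pos for pos, _, _ in sorted(rules, key=lambda r: (r[2], r[0]))]


if __name__ == "__main__":
    parsed = parse_rules(QUESTION_RULES)
    print("id collisions:", id_collisions(parsed))
    print("execution order:", " -> ".join(map(str, execution_order(parsed))))
```
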