Re: [mod-security-users] Active specifics rules with SecRuleEngine DetectionOnly

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello Cristiano,

Did you try ctl:ruleEngine=On?

Christian

On Wed, Mar 21, 2018 at 01:47:54PM -0300, Cristiano Galdino wrote:
> Hi!
> 
> My platform:
> 
> - Modsecurity: 2.9.0-1 (from Ubuntu repository)
> - CRS 3.0
> - Apache 2.4.18-2ubuntu3.5
> 
> Modsecurity is configured with SecRuleEngine DetectionOnly but I want to activate some rules to block requests.
> 
> This is my configuration:
> 
> IncludeOptional /etc/modsecurity/modsecurity.conf (set SecRuleEngine DetectionOnly)
> IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load
> └──> Load all CRS 3
> IncludeOptional /usr/share/modsecurity-crs/my-rules.load
> └──> Load my specifics Rules.
> 
> I want to include in my rules something that activates CRS rules. For example, change rule 920350 to engine=on to block accesses by IP.
> 
> How to do this?
> 
> Best regards,
> 
> 
> Cristiano Galdino
> cri...@ga...

> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot

> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/

-- 
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini