On Wed, Mar 21, 2018 at 04:19:16PM -0300, Cristiano Galdino wrote:
> Hi Christian!
>
> But how do I do this in my rules and not in CRS?

You write a rule in phase 1 and place it before the CRS include.
That rule should contain the ctl statement and enable that based on a
condition with @ipMatch.

Good luck,

Christian

>
> Regards,
>
> Cristiano Galdino
> cri...@ga...
>
> On 21 Mar 2018 16:13 -0300, Christian Folini <chr...@ne...>, wrote:
> > Hello Cristiano,
> >
> > Did you try ctl:ruleEngine=On?
> >
> > Christian
> >
> > On Wed, Mar 21, 2018 at 01:47:54PM -0300, Cristiano Galdino wrote:
> > > Hi!
> > >
> > > My platform:
> > >
> > > - ModSecurity: 2.9.0-1 (from Ubuntu repository)
> > > - CRS 3.0
> > > - Apache 2.4.18-2ubuntu3.5
> > >
> > > ModSecurity is configured with SecRuleEngine DetectionOnly but I want to activate some rules to block requests.
> > >
> > > This is my configuration:
> > >
> > > IncludeOptional /etc/modsecurity/modsecurity.conf (set SecRuleEngine DetectionOnly)
> > > IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load
> > > └──> Load all CRS 3
> > > IncludeOptional /usr/share/modsecurity-crs/my-rules.load
> > > └──> Load my specific rules.
> > >
> > > I want to include in my rules something that activates CRS rules. For example, change rule 920350 to engine=on to block accesses by IP.
> > >
> > > How do I do this?
> > >
> > > Best regards,
> > >
> > >
> > > Cristiano Galdino
> > > cri...@ga...
> >
> > > ------------------------------------------------------------------------------
> > > Check out the vibrant tech community on one of the world's most
> > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> >
> > > _______________________________________________
> > > mod-security-users mailing list
> > > mod...@li...
> > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > > http://www.modsecurity.org/projects/commercial/rules/
> > > http://www.modsecurity.org/projects/commercial/support/
> >
> >
> > --
> > https://www.feistyduck.com/training/modsecurity-training-course
> > https://www.feistyduck.com/books/modsecurity-handbook/
> > mailto:chr...@ne...
> > twitter: @ChrFolini
> >
--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini
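
The rule described in the reply above, written out as an added example (it is not from the thread or from the CRS project). The rule id 10000, the address range 192.0.2.0/24 and the file name my-pre-crs.conf are assumptions; the other paths are the ones from the configuration quoted in the thread.

```apache
# --- Apache include order ---------------------------------------------
# Base configuration; this is where SecRuleEngine DetectionOnly is set.
IncludeOptional /etc/modsecurity/modsecurity.conf

# Hypothetical file holding the rule below. It has to be included
# BEFORE the CRS so that the engine mode is already switched when the
# CRS rules run for this transaction.
IncludeOptional /usr/share/modsecurity-crs/my-pre-crs.conf

# CRS 3 and the site-specific rules, unchanged.
IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load
IncludeOptional /usr/share/modsecurity-crs/my-rules.load

# --- Contents of my-pre-crs.conf (hypothetical) -----------------------
# Phase 1 runs on the request headers, before the CRS phase 1/2 rules.
# For clients in the listed range (constructed sample: 192.0.2.0/24),
# switch this one transaction from DetectionOnly to On.
# "pass" lets processing continue; the rule itself never blocks.
SecRule REMOTE_ADDR "@ipMatch 192.0.2.0/24" \
    "id:10000,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleEngine=On"
```

ctl:ruleEngine=On applies to the whole transaction, so every CRS rule (not only 920350) can block requests from the matching addresses. All other clients stay in DetectionOnly.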