|
From: Reindl H. <h.r...@th...> - 2018-03-21 19:29:48
|
Am 21.03.2018 um 20:19 schrieb Cristiano Galdino: > But, how to do this in my rules and not in CRS? by just it to the rule like whitelist file extension in the sample below SecRule REQUEST_BASENAME "\.(avi|css|csv|doc|docx|eot|flv|gif|htm|html|ico|jpeg|jpg|m4v|mp3|mp4|mpeg|mpg|otf|pdf|png|svg|svgz|ttf|txt|wma|wmv|woff|xls|xlsx)$" "id:'90',phase:1,nolog,allow,ctl:ruleEngine=off" > On 21 Mar 2018 16:13 -0300, Christian Folini > <chr...@ne...>, wrote: >> Hello Cristiano, >> >> Did you try ctl:ruleEngine=On? >> >> Christian >> >> On Wed, Mar 21, 2018 at 01:47:54PM -0300, Cristiano Galdino wrote: >>> Hi! >>> >>> My platform: >>> >>> - Modsecurity: 2.9.0-1 (from Ubuntu repository) >>> - CRS 3.0 >>> - Apache 2.4.18-2ubuntu3.5 >>> >>> Modsecurity is configured with SecRuleEngine DetectionOnly but I want >>> to activate some rules to block requests. >>> >>> This is my configuration: >>> >>> IncludeOptional /etc/modsecurity/modsecurity.conf (set SecRuleEngine >>> DetectionOnly) >>> IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load >>> └──> Load all CRS 3 >>> IncludeOptional /usr/share/modsecurity-crs/my-rules.load >>> └──> Load my specifics Rules. >>> >>> I want to include in my rules something that activates CRS rules. For >>> example, change rule 920350 to engine=on to block accesses by IP. >>> >>> How to do this? |
