|
From: Cristiano G. <cri...@ga...> - 2018-03-21 20:16:29
|
Hi I write this rule ans this works fine: SecRule REQUEST_HEADERS:Host "^[\d.:]+$" \ "id:200,\ msg:'Host header is a numeric IP address - Block Request',\ phase:1,\ t:none,\ deny,\ ctl:ruleEngine=On" But what I need is to change rule 920350 to ctl:ruleEngine=On and deny. I do not know the syntax for this. Cristiano Galdino cri...@ga... On 21 Mar 2018 16:29 -0300, Reindl Harald <h.r...@th...>, wrote: > > Am 21.03.2018 um 20:19 schrieb Cristiano Galdino: > > But, how to do this in my rules and not in CRS? > > by just it to the rule like whitelist file extension in the sample below > > SecRule REQUEST_BASENAME > "\.(avi|css|csv|doc|docx|eot|flv|gif|htm|html|ico|jpeg|jpg|m4v|mp3|mp4|mpeg|mpg|otf|pdf|png|svg|svgz|ttf|txt|wma|wmv|woff|xls|xlsx)$" > "id:'90',phase:1,nolog,allow,ctl:ruleEngine=off" > > > On 21 Mar 2018 16:13 -0300, Christian Folini > > <chr...@ne...>, wrote: > > > Hello Cristiano, > > > > > > Did you try ctl:ruleEngine=On? > > > > > > Christian > > > > > > On Wed, Mar 21, 2018 at 01:47:54PM -0300, Cristiano Galdino wrote: > > > > Hi! > > > > > > > > My platform: > > > > > > > > - Modsecurity: 2.9.0-1 (from Ubuntu repository) > > > > - CRS 3.0 > > > > - Apache 2.4.18-2ubuntu3.5 > > > > > > > > Modsecurity is configured with SecRuleEngine DetectionOnly but I want > > > > to activate some rules to block requests. > > > > > > > > This is my configuration: > > > > > > > > IncludeOptional /etc/modsecurity/modsecurity.conf (set SecRuleEngine > > > > DetectionOnly) > > > > IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load > > > > └──> Load all CRS 3 > > > > IncludeOptional /usr/share/modsecurity-crs/my-rules.load > > > > └──> Load my specifics Rules. > > > > > > > > I want to include in my rules something that activates CRS rules. For > > > > example, change rule 920350 to engine=on to block accesses by IP. > > > > > > > > How to do this? > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
