|
From: Christian F. <chr...@ne...> - 2018-03-21 20:28:01
|
Hello, That looks good already. But you have a very peculiar setup in your mind. Maybe it works if you put CRS from scoring into direct-blocking mode. This is done in crs-setup.conf. Good luck, Christian On Wed, Mar 21, 2018 at 05:15:31PM -0300, Cristiano Galdino wrote: > Hi > > I write this rule ans this works fine: > > SecRule REQUEST_HEADERS:Host "^[\d.:]+$" \ > "id:200,\ > msg:'Host header is a numeric IP address - Block Request',\ > phase:1,\ > t:none,\ > deny,\ > ctl:ruleEngine=On" > > But what I need is to change rule 920350 to ctl:ruleEngine=On and deny. > > I do not know the syntax for this. > > Cristiano Galdino > cri...@ga... > > On 21 Mar 2018 16:29 -0300, Reindl Harald <h.r...@th...>, wrote: > > > > Am 21.03.2018 um 20:19 schrieb Cristiano Galdino: > > > But, how to do this in my rules and not in CRS? > > > > by just it to the rule like whitelist file extension in the sample below > > > > SecRule REQUEST_BASENAME > > "\.(avi|css|csv|doc|docx|eot|flv|gif|htm|html|ico|jpeg|jpg|m4v|mp3|mp4|mpeg|mpg|otf|pdf|png|svg|svgz|ttf|txt|wma|wmv|woff|xls|xlsx)$" > > "id:'90',phase:1,nolog,allow,ctl:ruleEngine=off" > > > > > On 21 Mar 2018 16:13 -0300, Christian Folini > > > <chr...@ne...>, wrote: > > > > Hello Cristiano, > > > > > > > > Did you try ctl:ruleEngine=On? > > > > > > > > Christian > > > > > > > > On Wed, Mar 21, 2018 at 01:47:54PM -0300, Cristiano Galdino wrote: > > > > > Hi! > > > > > > > > > > My platform: > > > > > > > > > > - Modsecurity: 2.9.0-1 (from Ubuntu repository) > > > > > - CRS 3.0 > > > > > - Apache 2.4.18-2ubuntu3.5 > > > > > > > > > > Modsecurity is configured with SecRuleEngine DetectionOnly but I want > > > > > to activate some rules to block requests. > > > > > > > > > > This is my configuration: > > > > > > > > > > IncludeOptional /etc/modsecurity/modsecurity.conf (set SecRuleEngine > > > > > DetectionOnly) > > > > > IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load > > > > > └──> Load all CRS 3 > > > > > IncludeOptional /usr/share/modsecurity-crs/my-rules.load > > > > > └──> Load my specifics Rules. > > > > > > > > > > I want to include in my rules something that activates CRS rules. For > > > > > example, change rule 920350 to engine=on to block accesses by IP. > > > > > > > > > > How to do this? > > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
