[mod-security-users] Issue with whitelisting rule CRS
From: Marcello L. <ce...@gm...> - 2018-05-21 09:20:46
Hi Users,

we are testing mod_security on Nginx version 1.12.2 in our development environment, and we installed mod_security 2.9.2 with the OWASP CRS 3.0.2. In our error_log we noticed this error repeated:

2018/05/21 09:13:41 [error] 247#247: [client 10.0.0.1] ModSecurity: Warning. Pattern match "(.*)" at REQUEST_URI. [file "/usr/local/nginx/conf/crs-rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "500"] [id "22"] [msg "got /cp"] [hostname ""] [uri "/pub/test.html"] [unique_id "ALAcAchiAcAcAcAcAVAcAcAG"]

We configured the file RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf to skip the rule with SecRuleRemoveById related to the rule ID, but the entries are present in the error_log.

Could you confirm if the configuration permits the contents and logs the entry? Is it possible to also remove the logging phase?

Thanks in advance,
Marcello