Re: [mod-security-users] Info update rules CRS OWASP
From: Christian F. <chr...@ne...> - 2018-12-12 16:51:34
Hey Marcello,

That's very tricky or impossible at all. People generally write a rule exclusion for a false positive that skips the rule under certain conditions or they drop the rule and add it anew in a different form (like you have in mind).

If you are unfamiliar with the handling of false positives, I suggest you read through my tutorials at https://netnea.com/apache-tutorials.

Best,

Christian

On Wed, Dec 12, 2018 at 05:40:52PM +0100, Marcello Lorenzi wrote:
> Hi All,
> we have configured a Nginx webserver with mod_security 2.9.2 and OWASP CRS
> 3.0.2 and during our tests we noticed that some rules blocked some requests
> from external clients. We would update the rule with ID 920420 adding the
> POST method into the SecRule section without rewriting the entire rule.
>
> Is it possible to override only a little part of a rule in a clean way?
>
> Thanks,
> Marcello
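
The two approaches named in the reply above (a conditional rule exclusion, or dropping the rule and adding it anew), sketched as an added example that is not part of the original thread. The rule id 10000 and the path /app/upload are hypothetical placeholders; the directives and the `ctl` action are standard ModSecurity 2.x.

```apache
# Added example, not from the thread. Rule id 10000 and the path
# /app/upload are assumptions; adjust both to the local setup.

# Approach 1: runtime rule exclusion.
# Load this BEFORE the CRS rule files are included, so that it has
# already run when rule 920420 is evaluated.
# It switches off CRS rule 920420 only for POST requests to one path
# and leaves the rule active for every other request.
SecRule REQUEST_FILENAME "@beginsWith /app/upload" \
    "id:10000,phase:1,pass,nolog,t:none,chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,ctl:ruleRemoveById=920420"

# Approach 2: startup-time removal.
# Load this AFTER the CRS rule files are included. It drops rule
# 920420 for all requests; the modified form of the rule would then
# be added as a new rule with its own id in the local id range.
# SecRuleRemoveById 920420
```

Scoping the exclusion to the path and method that produce the false positive keeps rule 920420 enforcing the content-type policy on the rest of the site.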