Re: [mod-security-users] Info update rules CRS OWASP

[Marcello L. <ce...@gm...>]

Hi Christian,
thanks for the response. I read your tutorial but ideally we have to put
the removal and update of the new rule into RESPONSE-999-EXCLUSION-RULES-
AFTER-CRS.conf?

Thanks,
Marcello

On Wed, Dec 12, 2018 at 5:53 PM Christian Folini <
chr...@ne...> wrote:

> Hey Marcello,
>
> That's very tricky or impossible at all.
>
> People generally write a rule exclusion for a false positive that
> skips the rule under certain conditions or they drop the rule and
> add it anew in a different form (like you have in mind).
>
> If you are unfamiliar with the handling of false positives, I suggest
> you read through my tutorials at https://netnea.com/apache-tutorials.
>
> Best,
>
> Christian
>
>
> On Wed, Dec 12, 2018 at 05:40:52PM +0100, Marcello Lorenzi wrote:
> > Hi All,
> > we have configured a Nginx webserver with mod_security 2.9.2 and OWASP
> CRS
> > 3.0.2 and during our tests we noticed that some rules blocked some
> requests
> > from external clients. We would update the rule with ID 920420 adding the
> > POST method into the SecRule section without rewriting the entire rule.
> >
> > Is it possible to override only a little part of a rule in a clean way?
> >
> > Thanks,
> > Marcello
>
>
> > _______________________________________________
> > mod-security-users mailing list
> > mod...@li...
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > http://www.modsecurity.org/projects/commercial/rules/
> > http://www.modsecurity.org/projects/commercial/support/
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>