Re: [mod-security-users] Mod security rule
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Mod security rule
|
From: Christian F. <chr...@ne...> - 2019-01-29 05:09:53
|
Hello Matthijs, Manuel Spartan's advice is very sound. Here a bit of additional info: On Mon, Jan 28, 2019 at 04:23:08PM +0100, Matthijs Möhlmann wrote: > I am obviously missing something but I cannot find why. I already tried > adding 'setvar:anomaly_score-=5' and other parts. In my opinion one should > not disable the rules 949110 and 980130, then SQL injections won't be > detected properly (as example)? 949110 is a crucial rule as it makes the blocking decision. You were probably referring to 942110. I agree that this rule is best left intact, but sometimes, I have to disable it for a given path on a given parameter. If I do, I try to do this in a very granular way. 980130 is just a statistics rule. It can be ignored, or axes completely, if you do not have any use for it. Good luck! Christian -- If liberty means anything at all, it means the right to tell people what they do not want to hear. -- George Orwell |
