[mod-security-users] ctl:ruleRemoveById not working?
From: <ltn...@an...> - 2019-02-24 16:02:25
Hi all,
I feel like I'm going blind here, I'm sure the problem is obvious and (to me) embarrassing. But - I'm trying to write a whitelist rule that selectively disables a specific rule:

    # acs: Some clients stick charsets in content-type request headers
    SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*([^;\s]+)" \
        "phase:request,id:1103,t:none,pass,nolog,tag:'md-debug',chain,\
        ctl:ruleRemoveById=920480"
        SecRule REQUEST_URI "@rx ^(/mdpayacs/pareq|/pan-tokenisation/PanTokenServiceImpl).*" "t:none"

I know the matcher works, because when I use

    ctl:ruleRemoveTargetByTag='OWASP_CRS/PROTOCOL_VIOLATION/CONTENT_TYPE_CHARSET';REQUEST_HEADERS:Content-Type"

the whitelist works as expected. I just think disabling the explicit rule would be the more correct/cheap thing to do.
What am I doing wrong?
libmodsecurity 3.0.3 and nginx on FreeBSD, CRS 3.1.0.
Note that it works with CRS 3.0.0 but I think rule 920480 is new in 3.1, so that would explain that part.
/Eirik