[Mod-security-developers] Rule evaluation question
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] Rule evaluation question
|
From: Jai H. <jai...@mu...> - 2019-05-08 01:04:05
|
Any way to stop rule evaluation on the request side after a request rule "triggers", but then continue with response rule evaluation? >From my crs-setup.conf file: SecDefaultAction "phase:1,log,auditlog,deny,status:403" SecDefaultAction "phase:2,log,auditlog,deny,status:403" # For response (phase 3/4), continue processing after first rule is # triggered. #SecDefaultAction "phase:3,log,auditlog,deny,status:403" #SecDefaultAction "phase:4,log,auditlog,deny,status:403" With above settings, if a rule is triggered during phase 1 or phase 2, the remaining phases don't evaluate rules. I would like just the rules within the phase which triggered the rule to be skipped, but not subsequent ones. Any way to achieve this? |
