|
From: Christian F. <chr...@ne...> - 2019-05-14 08:35:22
|
Hey Brent, You are putting this _after_ CRS. Yet your rule wants to remove a CRS rule. So you are removing a rule that has already been executed. May I suggest to use my ModSec Tuning Cheatsheet? https://www.netnea.com/cms/rule-exclusion-cheatsheet-download/ It addresses problems like this. Best, Christian On Tue, May 14, 2019 at 10:09:47AM +0200, Brent Clark wrote: > Good day Guys > > Sorry for the format (I store as JSON to send to kibana ), I got this error > message. > > https://pastebin.com/zsvXX63n > > I thought I could allow by doing the following in > EXCLUSION-RULES-AFTER-CRS.conf > > SecRule REQUEST_HEADERS:Content-Type "text/html" > "id:1005,phase:2,pass,nolog,pass,ctl:ruleRemoveById=920420" > > I cant see what I am doing wrong. Could someone please assist write a rule > and if possible, explain where I went wrong. > > Many thanks, regards > Brent Clark > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
