|
From: Brent C. <bre...@gm...> - 2019-05-14 08:45:12
|
Good day Christian A long day !!! Thanks so much !!! Regards Brent On 2019/05/14 10:35, Christian Folini wrote: > Hey Brent, > > You are putting this _after_ CRS. Yet your rule wants to remove a CRS rule. > So you are removing a rule that has already been executed. > > May I suggest to use my ModSec Tuning Cheatsheet? > https://www.netnea.com/cms/rule-exclusion-cheatsheet-download/ > > It addresses problems like this. > > Best, > > Christian > > > On Tue, May 14, 2019 at 10:09:47AM +0200, Brent Clark wrote: >> Good day Guys >> >> Sorry for the format (I store as JSON to send to kibana ), I got this error >> message. >> >> https://pastebin.com/zsvXX63n >> >> I thought I could allow by doing the following in >> EXCLUSION-RULES-AFTER-CRS.conf >> >> SecRule REQUEST_HEADERS:Content-Type "text/html" >> "id:1005,phase:2,pass,nolog,pass,ctl:ruleRemoveById=920420" >> >> I cant see what I am doing wrong. Could someone please assist write a rule >> and if possible, explain where I went wrong. >> >> Many thanks, regards >> Brent Clark >> >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
