Re: [mod-security-users] ModSecurity mod_security-2.9.2, Apache 2.4, oswap crs
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] ModSecurity mod_security-2.9.2, Apache 2.4, oswap crs
|
From: Madden, J. <Joe...@mo...> - 2019-10-04 13:52:19
|
Hi Ervin,
This information worked perfectly after I put the rules within the modsecurity_crs_10_config.conf
Thanks
Joe.
-----Original Message-----
From: Ervin Hegedüs <ai...@gm...>
Sent: 03 October 2019 16:33
To: Madden, Joe via mod-security-users <mod...@li...>
Cc: Madden, Joe <Joe...@mo...>
Subject: Re: [mod-security-users] ModSecurity mod_security-2.9.2, Apache 2.4, oswap crs
Hi Madden,
On Thu, Oct 03, 2019 at 02:43:45PM +0000, Madden, Joe via mod-security-users wrote:
> Hi all,
>
> I've got an issue where a password field with complex characters was triggering the following:
>
...
> I added this into the virtual host configuration (and tried the crs-setup.conf) but it doesn't exclude the password field.
>
> SecRule REQUEST_URI "@beginsWith /webclient/login" \
> "phase:2,nolog,pass,id:10001,ctl:ruleRemoveTargetById=981173;ARGS:password"
>
>
> Can anyone tell me why?
I think your custom rule in vhost context exists later than the target rule.
ModSecurity *have to* know the exclusions before the rule activated.
> What is the correct way to exclude this from that specific field (and
> not all other fields on the URL)
try to write a chained rule to the global exclusions list:
SecRule REMOTE_HOST "www\.yourhost\.com" \
"phase:2,nolog,pass,id:10001,chain"
SecRule ... like above without phase, pass and id
a.
|
