Re: [mod-security-users] Make rule log instead of block at runtime
From: Manuel S. <spa...@gm...> - 2019-11-20 13:19:50
Hi Dominik,

You can use SecRuleUpdateActionById to modify rule action on preexistent rules without removing them.

Regards,
Manuel

Sent from my iPhone

> On Nov 20, 2019, at 5:20 AM, Dominik Strecker <Dom...@sy...> wrote:
>
> Hi there,
>
> I can whitelist a rule (e.g., from the CRS) for a specific URL like so:
>
> SecRule REQUEST_URI "@beginsWith /fileupload/" "id:1920120,phase:1,nolog,pass,ctl:ruleRemoveById=920120"
>
> Is there a way to not remove the rule entirely, but just make it log instead of block? The only way I found was to copy and doctor the entire rule, which is hard to maintain.
>
> The use case is: Users sometimes upload files with weird names. I want to allow this, but still see it in the logs.
>
> Many thanks,
> Dominik
> --
> Our data processing principles can be found at: https://www.syracom.de/footernavi/grundsaetze-der-datenverarbeitung-bei-der-syracom-ag.html
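
The two approaches from this thread side by side, as an added example that is not part of either message. It assumes Apache with ModSecurity v2 and the CRS included earlier in the configuration; the `<LocationMatch>` scoping is an assumption to verify on your build, while the rule IDs and the `/fileupload/` path come from the question.

```apache
# Added example (not from the thread). Assumes the CRS rule files are
# included ABOVE this point: SecRuleUpdateActionById is applied when the
# configuration is loaded and only affects rules that are already defined.

# --- Approach from the question -------------------------------------
# Removes rule 920120 for matching requests. The rule never runs for
# /fileupload/, so odd file names leave no trace in the logs.
#
# SecRule REQUEST_URI "@beginsWith /fileupload/" \
#     "id:1920120,phase:1,nolog,pass,ctl:ruleRemoveById=920120"

# --- Approach from the reply ----------------------------------------
# Keeps rule 920120 active but replaces its disruptive action with
# "pass" and forces logging. The directive merges the given actions into
# the rule's existing action list; it cannot change the rule's id or phase.
#
# Assumption: the directive is honoured inside a per-location container,
# which limits the change to the upload path. Without the container the
# change applies to rule 920120 everywhere.
<LocationMatch "^/fileupload/">
    SecRuleUpdateActionById 920120 "pass,log,auditlog"
</LocationMatch>

# Caveat for CRS anomaly scoring mode: the rule's setvar actions are kept,
# so a match still raises the anomaly score and the request can still be
# blocked later by the CRS blocking evaluation rule. Check the audit log
# for a test upload to confirm the request is logged and passed.
```

After reloading the server, a test upload with an unusual file name to `/fileupload/` should produce a log entry for rule 920120 without a denied response.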