[mod-security-users] Trouble excluding params with ARGS_NAMES
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Trouble excluding params with ARGS_NAMES
|
From: Jamie B. <ja...@ib...> - 2020-09-03 19:59:47
|
Hi there For reasons that are totally escaping me, I can't get the below exclusion rule to work: SecRuleUpdateTargetById 920000-943999 "!ARGS_NAMES:/password/" However, using this rule does work: SecRuleUpdateTargetById 920000-943999 "!ARGS:/password/" I had thought that the first version of this rule would exclude any parameter containing the word "password", but it does not seem to be working. The second version of the rule does work, but presumably will also match on any parameter value containing the word "password", which isn't really what I wanted. What am I doing wrong? Thanks in advance Jamie mod_security: 2.9.2 CRS: 3.3.0 |
