|
From: Franziska B. <fra...@gm...> - 2022-04-30 18:48:02
|
Hi! OWASP Core Rule Set Dev-On-Duty here. The rule 920440 checks the variable tx.restricted_extensions ( https://github.com/coreruleset/coreruleset/blob/v4.0/dev/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf#L1064 ). This variable can be set in the crs-setup.conf file. So you have to uncomment and edit (remove .com) the following rule 900240: https://github.com/coreruleset/coreruleset/blob/v4.0/dev/crs-setup.conf.example#L473 Best regards, Franziska Am Fr., 29. Apr. 2022 um 19:07 Uhr schrieb s kwok <mrs...@gm...>: > Hi, > > I'd like to exclude .com from restricted_extensions only for rule 920440. > Can someone please tell me how to do that? Thanks! > > Best > skwok > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
