The Mod Security development team was kind enough to solve a problem we
were having with rule exclusions, and I wanted to post a working
solution for everyone in the list who might need a similar solution. We
have installed Mod Security version 2.5.2 which implements the new
feature "ctl:ruleRemoveById". What I was trying to accomplish was an
exclusion for a very specific PHP file for one of many virtual hosts on
the server, instead of all instances of the file or path which may exist.
Example: excluding a modsec rule for "/admin/index.php" is easily
accomplished with something like this:
However, this excludes the rule for any virtual host on the server which
has a file "/admin/index.php", which is undesirable. A better method
would be to exclude the rule for a specific domain instead and can be
achieved by the following:

    SecRule REQUEST_HEADERS:Host "@endsWith domain.com"
    SecRule REQUEST_FILENAME "@streq /admin/index.php"

This effectively removes the rule for "domain.com/admin/index.php" only.
Notice the statement "@endsWith" which ensures that the rule is excluded
for any variation of the domain including "http://domain.com",
"http://www.domain.com", or simply "domain.com". Remember to place this
statement in your custom rules file. Also, the rule shown above is a
single rule combined by 'chain', but must be written on two lines as
shown above in order to work correctly.
Thanks to the Mod Security team for helping me sleep better at night,
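
The two rules in the post are shown without action lists. Written out in full as an added example (not the original poster's code), the chained exclusion could look like this. Rule ID 999999 is a placeholder for the rule being excluded, and the anchored Host pattern in the second form is an assumption about which host names should qualify.

```apache
# Added example, not from the original post. Use ONE of the two forms.
# 999999 is a placeholder: replace it with the ID of the rule to exclude.
# Place the exclusion so it is processed before the rule it removes;
# ctl:ruleRemoveById only affects rules evaluated later in the transaction.

# Form 1: suffix match on Host, as in the post.
# "@endsWith domain.com" is a plain string suffix test, so it also matches
# a host such as "notdomain.com" and does not match "domain.com:8080".
# The ctl action sits on the last rule of the chain so that it runs only
# when both the Host test and the filename test have matched.
SecRule REQUEST_HEADERS:Host "@endsWith domain.com" "phase:1,t:none,t:lowercase,nolog,pass,chain"
SecRule REQUEST_FILENAME "@streq /admin/index.php" "t:none,ctl:ruleRemoveById=999999"

# Form 2: anchored match on Host.
# Accepts only "domain.com" or "www.domain.com", with an optional port,
# so unrelated virtual hosts that merely end in the same string keep the rule.
SecRule REQUEST_HEADERS:Host "@rx ^(?:www\.)?domain\.com(?::\d+)?$" "phase:1,t:none,t:lowercase,nolog,pass,chain"
SecRule REQUEST_FILENAME "@streq /admin/index.php" "t:none,ctl:ruleRemoveById=999999"
```

Each SecRule stays on its own line, matching the two-line layout the post describes.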