Welcome to the list!
It would help trouble-shooting efforts if you could send an audit log entry of the trabsaction. This would show your request and the rule that matched. This data helps to formulate the proper exception.
Speaking of exceptions - send what rule(s) you added to you custom 15 file.
Ryan C. Barnett
Director of Application Security Research
Breach Security, Inc.
From: Ronnie Adamowicz
Sent: Wed Apr 22 20:44:26 2009
Subject: [mod-security-users] whitelisting...
This is my first post to the list...looking forward to getting to know you all...
I've been getting some false positives. One of them:
SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"
For some reason, it's not letting me run my cron jobs.
Anyway, I'm trying to add this rule to a whitelist ( as opposed to just commenting it out).
I read somewhere that I need to I create a file called "modsecurity_crs_15_customrules.conf" and added the new rules there. I created this file in the same directory where the other rules are, but it's not working...
Get latest updates about Open Source Projects, Conferences and News.