Thread: [mod-security-users] Is it possible to exclude arguments from all rules?
From: Kricner, S. <Seb...@ma...> - 2012-06-21 12:29:14
Hello mod_security users,

I got asked whether it is possible to exclude REQUEST_COOKIES from all rules used by mod_security.
I got given that the following works:

    SecRuleUpdateTargetById 950901 !REQUEST_COOKIES

Is it possible to apply such for all rules?

Regards
--
Sebastian Kricner
m.a.x. Informationstechnologie AG
Landshuter Allee 12-14
D - 80637 Muenchen
Fon: +49 (89) 54 26 26 - 204
Fax: +49 (89) 54 26 26 - 110
mailto:seb...@ma...
http://www.max-it.de
From: Ryan B. <RBa...@tr...> - 2012-06-21 13:09:09
On 6/21/12 8:11 AM, "Kricner, Sebastian" <Seb...@ma...> wrote:

>
>Hello mod_security users,
>
>I got asked whether it is possible to exclude REQUEST_COOKIES from all
>rules used by mod_security.
>I got given that the following works:
>SecRuleUpdateTargetById 950901 !REQUEST_COOKIES
>
>Is it possible to apply such for all rules?
>
>Regards
>

Sebastian,

I am assuming you are using the OWASP ModSecurity CRS. The best way to do this, since the rule IDs are not grouped into specific categories, would be to use SecRuleUpdateTargetByTag -
https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecRuleUpdateTargetByTag

This will allow you to update groups of rules:

    SecRuleUpdateTargetByTag "WEB_ATTACK/XSS" "!REQUEST_COOKIES"
    SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" "!REQUEST_COOKIES"
    ...

Hope this helps.

Ryan
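
Added example, not part of the original thread or of the CRS: the reply above leaves the remaining tags as "...", so this Python script scans rule text for rules whose targets include REQUEST_COOKIES and emits one SecRuleUpdateTargetByTag line per tag found, preceded by a comment listing the rule IDs that lose cookie inspection. The sample rules, their IDs and patterns, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample rules in CRS 2.x style (IDs and patterns are made up).
SAMPLE_RULES = r'''
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS "@rx <script" \
    "phase:2,id:'900001',tag:'WEB_ATTACK/XSS',block"
SecRule ARGS "@rx union\s+select" "phase:2,id:'900002',tag:'WEB_ATTACK/SQL_INJECTION',block"
SecRule REQUEST_COOKIES|ARGS "@rx select.+from" \
    "phase:2,id:'900003',tag:'WEB_ATTACK/SQL_INJECTION',block"
SecRule REQUEST_HEADERS:User-Agent "@rx nikto" \
    "phase:2,id:'900004',tag:'AUTOMATION/SECURITY_SCANNER',block"
'''

def tags_inspecting(rules_text, collection="REQUEST_COOKIES"):
    """Map each tag to the sorted IDs of rules whose targets include `collection`."""
    joined = re.sub(r"\\\r?\n\s*", " ", rules_text)  # fold continuation lines
    tags = defaultdict(set)
    for line in joined.splitlines():
        m = re.match(r"\s*SecRule\s+(\S+)\s+(.*)$", line)
        if not m:
            continue
        # Targets are '|'-separated; drop '&'/'!' prefixes and ':selector' suffixes.
        targets = [t.lstrip("&!").split(":", 1)[0] for t in m.group(1).split("|")]
        if collection not in targets:
            continue
        rule_id = re.search(r"\bid:'?(\d+)", m.group(2))
        for tag in re.findall(r"\btag:'([^']+)'", m.group(2)):
            tags[tag].add(rule_id.group(1) if rule_id else "?")
    return {tag: sorted(ids) for tag, ids in sorted(tags.items())}

def exclusion_directives(rules_text, collection="REQUEST_COOKIES"):
    """Config lines: a comment naming the affected rule IDs, then the directive."""
    lines = []
    for tag, ids in tags_inspecting(rules_text, collection).items():
        lines.append(f"# rules currently inspecting {collection}: {', '.join(ids)}")
        lines.append(f'SecRuleUpdateTargetByTag "{tag}" "!{collection}"')
    return lines

if __name__ == "__main__":
    print("\n".join(exclusion_directives(SAMPLE_RULES)))
```

Run it over the concatenated rule files that are actually loaded; the ID comments give a review list of exactly which rules stop looking at cookies before the directives go into the configuration.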