<div>
This seems like a solution, but I haven't had a chance to test it yet. &nbsp;Appreciate the help.
</div>


This seems like a solution, but I haven't had a chance to test it yet.  Appreciate the help.

<div>
<div class="content wysiwyg-content">
I have the following chained modsecurity rules:<br />

<pre><code id="code-10-28598249-1">SecRule ARGS_GET_NAMES &quot;@pm loc&quot; &quot;phase:2,t:lowercase,allow:phase,log,chain,id:1018,severity:'6',msg:'loc is allowed'&quot;
        secRule ARGS_GET &quot;@pm home&quot; &quot;t:lowercase&quot;</code></pre>
<br />
Which basically says to allow Get request with the &quot;<b>loc</b>&quot; argument if it contains the string &quot;<b>home</b>&quot; to bypass phase 2 checks. &nbsp;This works fine, but I'd like to narrow it down a little further to only skip the specific rule that is was originally denying the request. &nbsp;In this case the rule is in the &quot;modsecurity_crs_41_sql_in<wbr />jection_at<wbr />tacks.conf<wbr />&quot; and is rule ID 999999 (made up since I'm not in front of the system right now). &nbsp;<br />
<br />
Using the above chained rule criteria, how can I bypass a specific rule for only that request?
</div>
</div>


I have the following chained modsecurity rules:
(CODE)

Which basically says to allow Get request with the "loc" argument if it contains the string "home" to bypass phase 2 checks.  This works fine, but I'd like to narrow it down a little further to only skip the specific rule that is was originally denying the request.  In this case the rule is in the "modsecurity_crs_41_sql_injection_attacks.conf" and is rule ID 999999 (made up since I'm not in front of the system right now).  

Using the above chained rule criteria, how can I bypass a specific rule for only that request?

Modsecurity Bypass Specific Rule

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Apache Web Server

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Linux Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.