credog
asked on
Modsecurity Bypass Specific Rule
I have the following chained modsecurity rules:
Which basically says to allow Get request with the "loc" argument if it contains the string "home" to bypass phase 2 checks. This works fine, but I'd like to narrow it down a little further to only skip the specific rule that is was originally denying the request. In this case the rule is in the "modsecurity_crs_41_sql_in jection_at tacks.conf " and is rule ID 999999 (made up since I'm not in front of the system right now).
Using the above chained rule criteria, how can I bypass a specific rule for only that request?
SecRule ARGS_GET_NAMES "@pm loc" "phase:2,t:lowercase,allow:phase,log,chain,id:1018,severity:'6',msg:'loc is allowed'"
secRule ARGS_GET "@pm home" "t:lowercase"
Which basically says to allow Get request with the "loc" argument if it contains the string "home" to bypass phase 2 checks. This works fine, but I'd like to narrow it down a little further to only skip the specific rule that is was originally denying the request. In this case the rule is in the "modsecurity_crs_41_sql_in
Using the above chained rule criteria, how can I bypass a specific rule for only that request?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER