modsecurity conflict

I have come across an issue where an entry in our URL is conflicting with a rule in modsecurity. I don't want to remove the rule but I want to fix it so that when a user calls the url that they don't get an "access denied" error.

The modsecurity rule causing the problem is (the specific item is in bold):
SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bcd\b\W*?[\\/]" \
                "phase:2,rev:'2.0.5',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,pass,nolog,auditlog,msg:'System Command Injection',id:'958821',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',seve$


and the url that is activating the rule is:
http://mydomain.com/path/path/track/CD/performance

Any idea on how to resolve this?
LVL 10
pand0ra_usaAsked:
Who is Participating?
 
pand0ra_usaConnect With a Mentor Author Commented:
Nevermind, found the answer. I just inserted a space after cd.

REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bcd \b\W*?[\\/]" \
0
 
pand0ra_usaAuthor Commented:
Found the answer myself
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.