1 May 15:09
SecRule REQUEST_FILENAME & ctl:ruleRemoveById
From: Thomas Kofler <modsecurity <at> kofler.eu.org>
Subject: SecRule REQUEST_FILENAME & ctl:ruleRemoveById
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-01 13:12:10 GMT
Subject: SecRule REQUEST_FILENAME & ctl:ruleRemoveById
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-01 13:12:10 GMT
Hello,
I try to exclude one specific file from the core rule 990011.
modsecurity_crs_98_devcon.conf:
SecRule REQUEST_URI "^/schedule\.php$" "phase:1,nolog,pass,ctl:ruleRemoveById=990011"
A similar rule with REQUEST_URI regarding /server-status is working fine.
SecRule REQUEST_URI "/server-status" "phase:1,nolog,pass,ctl:ruleRemoveById=990011"
But I am not able to exclude the file /schedule.php for alle hosts.
Any help is welcome,
Thanks,
Thomas
mod_security 2.5
[Thu May 01 15:00:35 2008] [error] [client 192.168.2.28] ModSecurity: Warning. Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/httpd/conf/modsecurity/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "www.vistore.at"] [uri "/shedule.php"] [unique_id "2fS <at> LMCoAhwAAHZ7ccMAAAAE"]
~
Request Details
GET /shedule.php HTTP/1.0
Host: www.vistore.at
Accept: text/html, text/plain, audio/mod, image/*, application/msword, applicatio \
n/pdf, application/postscript, text/sgml, */*;q=0.01
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8b
I try to exclude one specific file from the core rule 990011.
modsecurity_crs_98_devcon.conf:
SecRule REQUEST_URI "^/schedule\.php$" "phase:1,nolog,pass,ctl:ruleRemoveById=990011"
A similar rule with REQUEST_URI regarding /server-status is working fine.
SecRule REQUEST_URI "/server-status" "phase:1,nolog,pass,ctl:ruleRemoveById=990011"
But I am not able to exclude the file /schedule.php for alle hosts.
Any help is welcome,
Thanks,
Thomas
mod_security 2.5
[Thu May 01 15:00:35 2008] [error] [client 192.168.2.28] ModSecurity: Warning. Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/httpd/conf/modsecurity/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "www.vistore.at"] [uri "/shedule.php"] [unique_id "2fS <at> LMCoAhwAAHZ7ccMAAAAE"]
~
Request Details
GET /shedule.php HTTP/1.0
Host: www.vistore.at
Accept: text/html, text/plain, audio/mod, image/*, application/msword, applicatio \
n/pdf, application/postscript, text/sgml, */*;q=0.01
Accept-Language: en
User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8b
------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________ mod-security-users mailing list mod-security-users <at> lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mod-security-users
RSS Feed