[Owasp-modsecurity-core-rule-set] disable one rule
rcbarnett at gmail.com
Sun Aug 23 09:30:48 EDT 2009
On Sunday 23 August 2009 04:23:29 am Christian Klossek wrote:
> for one php-file I need to disable the rule "Possible HTTP Parameter
> Pollution Attack: Multiple Parameters with the same Name."
> Example: http://localhost/example.php?test=abcde&test=abcde
> That url should be legal. And I don't want to change the core rules
> directly. Is there a possibility to create a special rule for that url
> and that parameter in my "modsecurity_crs_15_custom_config.conf"?
This particular rule should have a rule ID but it seems to be missing. This
is a bug and will be fixed. Even without a rule ID, you can still add a rule
to the modsecurity_crs_48_local_exceptions.conf file to address this issue.
See the last example in the file as it seems similar to your issue where you
want to add an exception based on a URL. Here is an example rule -
SecRule REQUEST_FILENAME "@streq /example.php"
SecRule TX:'/-WEB_ATTACK/COMMAND_INJECTION-TX:arg_name_test/' "@streq
SecRule MATCHED_VAR_NAME "TX\:(.*)" "capture,t:none,setvar:!tx.
Ryan C. Barnett
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security
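
Added example, not part of the original message and not ModSecurity or CRS code: a Python model of the duplicate-parameter check with an exception scoped to one script path and one parameter name, which is what the thread asks for. The function names and the EXCEPTIONS set are assumptions made for illustration; the sample URLs are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumed exception list: (script path, parameter name) pairs that are
# allowed to repeat. Mirrors the request in the thread above.
EXCEPTIONS = {("/example.php", "test")}

# Constructed sample requests.
SAMPLE_URLS = [
    "http://localhost/example.php?test=abcde&test=abcde",
    "http://localhost/example.php?test=a&test=b&id=1&id=2",
    "http://localhost/other.php?test=a&test=b",
    "http://localhost/example.php?te%73t=1&test=2",
]


def duplicate_params(url):
    """Return (path, sorted parameter names that occur more than once)."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes names, so "te%73t" and "test" count as the
    # same parameter and cannot slip past the duplicate check.
    counts = Counter(
        name for name, _ in parse_qsl(parts.query, keep_blank_values=True)
    )
    return parts.path, sorted(n for n, c in counts.items() if c > 1)


def hpp_alerts(url, exceptions=EXCEPTIONS):
    """Return the duplicated names that should still raise the alert."""
    path, dupes = duplicate_params(url)
    # Exact path comparison (the behaviour of "@streq" on REQUEST_FILENAME),
    # so the exception does not extend to /admin/example.php or other files.
    return [n for n in dupes if (path, n) not in exceptions]


if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", hpp_alerts(sample) or "no alert")
```

The exception silences only the named parameter on the named file; any other duplicated parameter on that file, and the same parameter on any other file, is still reported.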