[Owasp-modsecurity-core-rule-set] whitelisting a parameter
Chris Datfung
chris.datfung at gmail.com
Sat Feb 27 15:13:35 EST 2010
I'm getting a large number of false positives in various requests due to the
encrypted value of the ViewState parameter. I can whitelist the false
positives one by one via SecRuleRemoveById, but instead of waiting for the
next false positive (I have blocking enabled) I want to put any rules that
want to block due to a suspicious ViewState parameter into DetectionOnly
mode and still have the rest of the request in blocking mode. Is this
possible?
Thanks,
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20100227/5b71ffe9/attachment.html
More information about the Owasp-modsecurity-core-rule-set
mailing list