[Owasp-modsecurity-core-rule-set] phpmyadmin usage via localhost interface through mod_security

Jason Brooks jason at mi-squared.com
Sat Oct 30 18:41:08 EDT 2010


First, thank you for your reply.

>
> There are a couple of ways to handle this, but here's one example that
> disables both the rule and audit engine for a specific IP:
>
> SecRule REMOTE_ADDR "@streq xxx.xxx.xxx.xxx" "phase:1,nolog,allow, \
>  ctl:ruleEngine=Off,ctl:auditEngine=Off"
>

Does the equivalent string "LOCAL_ADDR" exist?  It's the listening  
address of localhost i want to unblock...



>> and
>> 2) how to enable/disable some or all of CRS based on the request url,
>> or the request path.
>
> To disable some of the rules based on URI you can use something like:
>
> <LocationMatch /phpmyadmin/>
>  SecRuleRemoveById 900000-900010
>  SecRuleRemoveById 999999
> </LocationMatch>

Silly question: how do I determine what the various ruleids will be?


>
> another variant could be:
>
> SecRule REQUEST_URI phpmyadmin "phase:2,t:none,t:lowercase,nolog, \
>  ctl:ruleRemoveById=999999"
>
> --
> - Josh
>

I think i need to buy the book.   :)

--jason




More information about the Owasp-modsecurity-core-rule-set mailing list