[Owasp-modsecurity-core-rule-set] disable core set rules for a specific php file / finding out a rule number?

Tom tomzamir at gmail.com
Thu Jan 14 00:11:20 EST 2010


I know this has been asked before, but I am unable to accomplish this task
without breaking apache.

I am using mod_sec v1.9.5 and owasp 2.0.4.

So I do not mind turning mod_sec all together for a specific file in the
site, or just the problematic rule, but I am not even sure how to find out
the rule number, i can't see it in the logs.

What I do see is the false positive:

message: Warning. Operator GE matched 5 at TX:anomaly_score. [file
[line "46"] [msg "Transactional Anomaly Score (score 175): IE XSS Filters -
Attack Detected"]


Please help, I have tried everything and searched google for hours!

Thanks in advance

The mind apprehends reality
and hearkens to the call of the senses
but does not shine with its own light. - Patanjali (via A. Villodo)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20100113/5180489c/attachment.html 

More information about the Owasp-modsecurity-core-rule-set mailing list