On 12/29/10 6:17 PM, "Dimitri Yioulos" <[email protected]> wrote:
>Since I upgraded my ruleset to the latest and >greatest, my custom ruleset >(modsecurity_crs_15_customconfig.conf) to >whitelist my internal hosts insn't working. Here >are the rules: > >SecRule REMOTE_ADDR "127\.0\.0\.1" "allow, nolog" >SecRule REMOTE_ADDR "^192\.168\.100\." >phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off >SecRule REMOTE_ADDR "^192\.168\.1\." >phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off >SecRule REMOTE_ADDR "^192\.168\.101\." >phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off > >One of my internal host running nagios is >now triggering a rule (Access denied with code 403 >(phase 1). Pattern match "^(.*)$" at >REQUEST_HEADERS:User-Agent). What do I need to >do to fix this? Dimitri, What specific CRS rule ID is triggering? Can you send an audit or error log example? -Ryan _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
