All,
We have a web application that has been configured to run with mod_security.
We are getting a few false positives. Another server needs to perform http
posts to us, and the framework that performs these calls is getting
blocked. I have managed to figure out that if we update apache config with
the following changes our app works correctly
<LocationMatch "/secure/j_spring_security_check*">
SecRuleRemoveById 960015 960021 960012 990012
</LocationMatch>
<LocationMatch "/thirdPartyTransaction/submission*">
SecRuleRemoveById 960015 960021 960012 990012
</LocationMatch>
<LocationMatch "/secure/j_spring_security_logout*">
SecRuleRemoveById 960015 960021 960012 990012
</LocationMatch>
This works fine in that the app now works without raising any false
positives. The rules are for missing accept header, content length, and
invalid user agent. My questions are
1. is this out of date or current/preferred method for handling false
positives
2. should we use SecFilterSelective instead?
3. can we do this better - e.g. if we know the IP range for the client,
can we configure to switch these rules off across the board?
Apache 2.2.17, win32, core ruleset/2.1.1
First post, so please forgive me when I forget something critical
Thanks
Chris
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
