Hey gang, I know this isn't a CRS issue per se, but I thought you might have some insight before I either dig through the mod_security code or ask them how I should do this.
Our application occasionally wants to accept stuff that looks scary, like HTML, from certain form submissions. After some thought, I figured the best way to do this was to make a small change to the application to put "html" in the parameter name, and then use ctl:secRemoveTargetById to whitelist those rules on the way through the CRS rule set.

Here's what I tried first, for one particular rule 973333:

SecRule REQUEST_URI "." id:1000200,phase:2,pass,ctl:ruleRemoveTargetById=973333;ARGS:/[Hh]tml/

But it doesn't seem to work. Everything is being treated as normal. I've used that REQUEST_URI-matching-anything idiom in other rules, so I don't think that is failing to match. My intention is to remove 973333 for only those arguments that match the regex.

Does anyone have any suggestions for me, or has anyone attempted something similar? If I can get this rule working, I'd then expect to have additional rules removing other targets that look basically the same.

Thanks in advance

--
-m

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set