Hi guys,
good morning!!
My apache server is working with modsecurity 2.7.0-rc2 and I thinking to
update it to crs-2.2.7-13-g40b2c75.
I created a file modsecurity_crs_15_custom_rules.conf with some rules about
false positives as:
SecRule REQUEST_URI "^/admin/settings/ckeditor"
id:30,phase:1,chain,log,t:none,allow
SecRule REMOTE_ADDR "@rx ^10\.21\.12\.150" t:none,ctl:ruleEngine=off
<Location "/">
SecRuleRemoveById 960017
</Location>
I would like to know what is the impact if I migrate to the new version of
modsecurity, I mean, will the rules below work, etc ?
*->> second question*
SecRule REQUEST_URI "^/admin/settings/ckeditor"
id:30,phase:1,chain,log,t:none,allow
SecRule REMOTE_ADDR "@rx ^10\.21\.12\.150" t:none,ctl:*ruleEngine=off*
why if I replace *ruleEngine=off *by* **SecRuleRemoveById=960017*, for
example, it will fail ?
many thanks!
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
