Josh, It is not working. Still getting Forbidden page.
THanks. On Thu, Jun 6, 2013 at 1:09 PM, Josh Amishav-Zlatin <jam...@owasp.org>wrote: > On Wed, Jun 5, 2013 at 3:25 PM, Aniyan Rajan <aniyan.raj...@gmail.com>wrote: > >> >> This solution is fine for me. I gave this in apache.conf as follows. But >> it is not working (still forbidden). >> >> Is it Location or LocationMatch ? Thanks. >> >> > Hi Aniyan, > > If your using a regex like below then use LocationMatch, otherwise if your > only matching a specific URI then Location works. The audit log that you > posted showed the request was to /iredadmin/login, thus use can use > Location and simply remove the trailing / after 'login' in the Location > section below. > > -- > - Josh > > >> <IfModule security2_module> >> <Location /iredadmin/login/> >> SecRuleRemoveById 960010 >> </Location> >> >> Include modsecurity_crs/modsecurity_crs_10_setup.conf >> Include _crs/activated_rules/*.conf >> >> </IfModule> >> >>
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
