On Thu, Jun 6, 2013 at 12:02 PM, Aniyan Rajan <aniyan.raj...@gmail.com>wrote:
> Josh, > > It is not working. Still getting Forbidden page. > > Hi Aniyan, Can you send me the audit log (with sections H and K) privately? Thanks, -- - Josh > THanks. > > On Thu, Jun 6, 2013 at 1:09 PM, Josh Amishav-Zlatin <jam...@owasp.org>wrote: > >> On Wed, Jun 5, 2013 at 3:25 PM, Aniyan Rajan <aniyan.raj...@gmail.com>wrote: >> >>> >>> This solution is fine for me. I gave this in apache.conf as follows. But >>> it is not working (still forbidden). >>> >>> Is it Location or LocationMatch ? Thanks. >>> >>> >> Hi Aniyan, >> >> If your using a regex like below then use LocationMatch, otherwise if >> your only matching a specific URI then Location works. The audit log that >> you posted showed the request was to /iredadmin/login, thus use can use >> Location and simply remove the trailing / after 'login' in the Location >> section below. >> >> -- >> - Josh >> >> >>> <IfModule security2_module> >>> <Location /iredadmin/login/> >>> SecRuleRemoveById 960010 >>> </Location> >>> >>> Include modsecurity_crs/modsecurity_crs_10_setup.conf >>> Include _crs/activated_rules/*.conf >>> >>> </IfModule> >>> >>> > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
