Ryan,

Thanks for the input. I believe that I can refer to the custom rules file in apache.conf. Is there any particular name I need to give to that custom rules file (like modsecurity_crs_55*.conf)? Then what should the number be to execute the contained rule with the right priority?

> > Thanks. This solution is fine for me. I gave this in apache.conf as follows. But
> > it is not working (still forbidden).
> >
> > Is it Location or LocationMatch? Thanks.
> >
> > <IfModule security2_module>
> > <Location /iredadmin/login/>
> > SecRuleRemoveById 960010
> > </Location>
> >
> > Include modsecurity_crs/modsecurity_crs_10_setup.conf
> > Include modsecurity_crs/activated_rules/*.conf
> >
> > </IfModule>
>
> The reason this does not work is because rule ID 960010 runs in phase:1
> and by placing the SecRuleRemoveById directive within an Apache scope
> location, it won't execute until the end of phase:2.
>
> You might want to do this instead in a custom rules file that runs
> before the other rules -
>
> SecRule REQUEST_FILENAME "@beginsWith /iredadmin/login/" \
>     "phase:1,id:123,t:none,nolog,pass,ctl:ruleRemoveById=960010"
>
> -Ryan

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
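
The load order Ryan describes, written out as an added example that is not part of the original thread: the exception rule is placed inline in apache.conf between the two Include lines already shown above, so it is evaluated in phase:1 before the activated CRS rules. The placement and the comments are assumptions of this example; the rule itself, its id and the Include paths are the ones quoted in the thread.

```apache
<IfModule security2_module>
    # Not used here: the <Location>-scoped form from the thread. Per Ryan's
    # reply, a SecRuleRemoveById inside an Apache location scope does not
    # take effect until the end of phase:2, after phase:1 rule 960010 has
    # already run.
    #
    # <Location /iredadmin/login/>
    #     SecRuleRemoveById 960010
    # </Location>

    # CRS setup file, unchanged from the thread.
    Include modsecurity_crs/modsecurity_crs_10_setup.conf

    # Exception rule, placed BEFORE the activated rules are included.
    # Rules in the same phase are evaluated in the order they are loaded,
    # and ctl:ruleRemoveById only affects rules evaluated after it in the
    # same transaction, so this has to precede rule 960010.
    # The trailing backslash keeps the action list on the same directive.
    SecRule REQUEST_FILENAME "@beginsWith /iredadmin/login/" \
        "phase:1,id:123,t:none,nolog,pass,ctl:ruleRemoveById=960010"

    # The CRS rules, including 960010, load last.
    Include modsecurity_crs/activated_rules/*.conf
</IfModule>
```

The same SecRule can live in its own file instead, as long as that file is included at the same point. Because the rule uses nolog, requests that match the exception leave no log entry for the removal.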