On Tue, Nov 12, 2013 at 6:55 PM, Dietrich Streifert < dietrich.streif...@googlemail.com> wrote:
> > I've tried to disable the rule via > > <LocationMatch /* > > <IfModule mod_security2.c> > SecRuleRemoveById 960012 > </IfModule> > </LocationMatch> > with no success. > > I've seen in line 312 of modsecurity_crs_20_protocol_violations.conf that > rule id 960012 has a chained rule which has no rule id. > > Would I need to also disable the chained rule, which of course, I can't do > because of the missing rule id? > > Hi Dietrich, A chained rule is essentially one rule thus no ID is assigned to the subsequent chained rules. Regarding your exception, which version of ModSecurity are you using? Rule 960012 runs in phase 1, while Location and LocationMatch run in phase 2. If you are running a recent version of ModSecurity, where rules in phase 1 and phase 2 are run at the same time, then make sure your exception is placed before rule 960012 is created, e.g. in a 15 file. If you are running an older version of ModSecurity, try creating an exception using a SecRule and ctl. -- - Josh Is this a bug or a newbies common mistake? > > Regards > Dietrich > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
