Ryan et al.,
I've been struggling trying to exclude from our rules false positives in Piwik analytics. I tried using "SecUpdateTargetBy*", or matching specifically using SecRule REQUEST_URI and 'ctl:remove*', without success.

In the meantime, I saw that there is a global exclusion for Google Analytics cookies (__utm), but not for Piwik cookies (_pk_ref). Using that information, I made my exclusion on all rules, using this one-liner:

<code>
for rulefile in activated_rules/*.conf; do sed -i -e "s@:/__utm/@:'/_(_utm|pk_ref)/'@g" "$rulefile"; done
</code>

in my 'activated_rules' directory.

As this applies to the core rule set, surely it will be overwritten at the next update. Could this addition make it into the default rules (well, Google Analytics is already there, so...)? All Piwik users will be grateful :)

Regards,
Felipe.
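A way to add the same _pk_ref exclusion without editing the core files, shown as an added example that is not part of the original message: the script finds every rule that already excludes the __utm cookies and emits a SecRuleUpdateTargetById line for it. It assumes CRS 2.x style rules and a ModSecurity version whose SecRuleUpdateTargetById accepts regex targets; the rule ids, the sample rules and the piwik_overrides.conf name are constructed.

```shell
#!/bin/sh
# Added example; rule ids and file names below are constructed.

# Write a small constructed rule file (CRS 2.x layout) into directory $1.
write_sample_rules() {
    cat > "$1/sample_rules.conf" <<'EOF'
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|ARGS "@rx select" \
    "phase:2,t:none,block,id:'900001',msg:'constructed rule A'"
SecRule ARGS "@rx foo" "phase:2,block,id:'900002',msg:'no cookie exclusion'"
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS "@rx union" \
    "phase:2,block,id:'900003',msg:'already excludes _pk_ref'"
EOF
}

# gen_pk_ref_overrides DIR
# For every rule in DIR/*.conf that excludes the __utm cookies but not yet
# _pk_ref, print a SecRuleUpdateTargetById line adding the Piwik exclusion.
# Limitation: reads the id from the SecRule line or its continuation lines;
# a chained sub-rule without its own id is not handled.
gen_pk_ref_overrides() {
    awk -v q="'" '
        /^[ \t]*SecRule[ \t]/ {
            want = (index($0, ":/__utm/") > 0 && index($0, ":/_pk_ref/") == 0)
        }
        want && match($0, "(^|[\", \t])id:" q "?[0-9]+") {
            id = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", id)
            if (!(id in seen)) {
                seen[id] = 1
                printf "SecRuleUpdateTargetById %s \"!REQUEST_COOKIES:/_pk_ref/\"\n", id
            }
            want = 0
        }
    ' "$1"/*.conf
}

# Demo on the constructed sample. Real use (hypothetical file name), with the
# output file included after the core rules:
#   gen_pk_ref_overrides activated_rules > piwik_overrides.conf
tmp=$(mktemp -d)
write_sample_rules "$tmp"
gen_pk_ref_overrides "$tmp"
rm -rf "$tmp"
```

Regenerate the override file after each rule set update so that new or renumbered rules are picked up.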