On Sun, Mar 16, 2014 at 10:10:27PM +0100, Ramy Darwish wrote:
> Hello everyone,
>
> Just a quick question about skipping checks on static content,
> specifically about the CRS rule file:
> http://goo.gl/ZY79E2
>
> I was just wondering: is there a specific reason why the "allow"
> statements occur on phase 2 instead of 1?

Hi Ramy,

There are two things to note here:

1. By default phase 1 runs in the same Apache hook as phase 2.
2. These rules use the allow phase parameter which overrides the normal
   (post v2.5) 'allow' operator behavior and only stops processing the
   current phase. This allows us to skip the rules that check request
   related rules for static content while still checking phase three and
   four rules in the server response.

--
Josh Amishav-Zlatin
CTO | Wafsec
The WAF is free, your time isn't
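
The behaviour described in the reply, as an added ModSecurity 2.x configuration sketch. It is not part of the original thread and is not the CRS rule file itself; the rule ids, the marker name and the extension list are constructed placeholders.

```apache
# Added example: skip request-body inspection (rest of phase 2) for static
# files while response rules in phases 3 and 4 still run.
# Rule ids 1000001-1000004 and END_STATIC_SKIP are constructed placeholders.

# Only consider the skip for GET/HEAD requests ...
SecRule REQUEST_METHOD "!@rx ^(?:GET|HEAD)$" \
    "id:1000001,phase:2,t:none,pass,nolog,skipAfter:END_STATIC_SKIP"

# ... that carry no parameters at all.
SecRule &ARGS "!@eq 0" \
    "id:1000002,phase:2,t:none,pass,nolog,skipAfter:END_STATIC_SKIP"

# Weak form (left commented out): a bare "allow" also ends phases 3 and 4,
# so nothing would inspect the response for these requests.
#SecRule REQUEST_FILENAME "@rx \.(?:jpe?g|png|gif|ico|css|js)$" \
#    "id:1000003,phase:2,t:none,t:lowercase,nolog,allow"

# Form discussed in the reply: allow:phase ends only the current phase (2).
SecRule REQUEST_FILENAME "@rx \.(?:jpe?g|png|gif|ico|css|js)$" \
    "id:1000003,phase:2,t:none,t:lowercase,nolog,allow:phase"

SecMarker END_STATIC_SKIP

# A phase 3 rule that still sees the skipped requests: flag a "static"
# extension that came back with a non-static content type.
SecRule REQUEST_FILENAME "@rx \.(?:jpe?g|png|gif|ico|css|js)$" \
    "id:1000004,phase:3,t:none,t:lowercase,pass,log,chain,\
    msg:'Static extension served with unexpected Content-Type'"
    SecRule RESPONSE_HEADERS:Content-Type \
        "!@rx ^(?:image/|text/css|(?:application|text)/javascript)" \
        "t:none,t:lowercase"
```

Because the skip is keyed on the file extension alone, the phase 3 check is what still catches a request that ended in `.js` or `.png` but was actually handled by application code.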