What is the preferred method to whitelist a POST to a specific filename? My testing shows that REQUEST_FILENAME may only apply to the GET method.
Here is my whitelist rule, which isn't currently working as expected. SecRule REQUEST_FILENAME "@streq /rpts/rptViewer.aspx" "id:'1521',phase:'1',nolog,noauditlog,tag:'GENERAL/GENERAL',pass,ctl:ruleRemoveById=981001,t:none,t:lowercase,setvar:'tx.pars_alert=0',setvar:'tx.prepend=1'" -- Joshua Roback
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
