FYI – you are using "t:lowercase" transformation function in your action list but using mixed case in your opertor value.
Ryan Barnett Senior Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Joshua Roback <jrob...@gmail.com<mailto:jrob...@gmail.com>> Date: Monday, September 22, 2014 10:17 AM To: <owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>> Subject: [Owasp-modsecurity-core-rule-set] Whitelist POST to Filename What is the preferred method to whitelist a POST to a specific filename? My testing shows that REQUEST_FILENAME may only apply to the GET method. Here is my whitelist rule, which isn't currently working as expected. SecRule REQUEST_FILENAME "@streq /rpts/rptViewer.aspx" "id:'1521',phase:'1',nolog,noauditlog,tag:'GENERAL/GENERAL',pass,ctl:ruleRemoveById=981001,t:none,t:lowercase,setvar:'tx.pars_alert=0',setvar:'tx.prepend=1'" -- Joshua Roback _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
