Hi,

I have installed ModSecurity 2.9 on IIS 7.5 with the default CRS rules. I'm getting this notice:

[client 10.6.4.104:62651] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "C:\/Program Files/ModSecurity IIS/owasp_crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "WVP-BSS-APP02"] [uri "/v2/toc/BSVK_color_csCrimson.xml"] [unique_id "11240984672064243758"]

It's a trusted transaction, I'm sure. I would like to exclude this rule, either completely or only for this path: "/v2/toc/BSVK_color_csCrimson.xml".

I tried adding "SecRuleRemoveById 960015" to modsecurity.conf, but it doesn't work. I also tried creating a custom modsecurity_crs_21_protocol_anomalies.conf, with the same result.

Could you explain how to exclude this rule?

--
Best regards,
Alexander
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
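
The two exclusion styles asked about above, as an added configuration example that is not part of the original post or of the CRS: SecRuleRemoveById only removes rules that are already loaded when the directive is parsed, while ctl:ruleRemoveById is a per-transaction action that has to run before the target rule is evaluated. The Include line, its path and the rule id 1000001 are assumptions for illustration; adjust them to the actual configuration.

```apache
# Added example. Include path and custom rule id (1000001) are assumed values.

# Option 1 (narrower, preferred): skip rule 960015 only for the one trusted path.
# This rule must be loaded BEFORE the CRS files so that the ctl action has
# already run by the time rule 960015 is evaluated.
# REQUEST_FILENAME holds the path without the query string, so @streq
# matches this exact resource and nothing else.
SecRule REQUEST_FILENAME "@streq /v2/toc/BSVK_color_csCrimson.xml" \
    "id:1000001,phase:1,t:none,pass,nolog,ctl:ruleRemoveById=960015"

# The CRS base rules, including modsecurity_crs_21_protocol_anomalies.conf.
Include "C:/Program Files/ModSecurity IIS/owasp_crs/base_rules/*.conf"

# Option 2 (global): remove rule 960015 for every request.
# This directive must come AFTER the Include that loads the rule; placed
# earlier, there is nothing loaded yet for it to remove.
# SecRuleRemoveById 960015
```

Option 1 keeps the missing-Accept-header check active for all other URIs, so the exclusion covers only the traffic that has been verified as trusted.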