Hi!

I don't know if anyone experiences the same issue as us here, but I suppose at least this might contribute to all.

I installed OWASP rules on a CentOS running 2 Joomla sites with nearly 5,000 unique visitors a day.

I was fortunate enough to identify and disable 12 rules that delivered a bunch of false positives (one of them locked down the server when one of us in the team submitted a security scan from CSF/LFD...).

So, now it is running fine, but one rule still delivers nearly 1,000 false positives a day and, oddly enough, has our own server IP as the source! And the severity level for ALL of the hits is NOTICE. So, this is not so much troublesome, except for the extra load on the server and the log size. I rotate it automatically every night, but it comes out at nearly 0.3 GB as standard size.

So, what I am trying to do, but don't know exactly how, is to implement something like this in a file named modsecurity_crs_15_localrules.conf:

    SecRule REMOTE_ADDR "@streq XXX.YYY.Z.WWW" "phase:1,t:none,pass,nolog,ctl:ruleRemoveById=960009"

where XXX.YYY.Z.WWW is my server's IP address.

Does anyone know if this is correct and if it can actually work to keep my server out of this rule execution?

Thanks a lot! All the best!

Luiz Guilherme
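
An added example, not part of the original message: a small Python check that measures how many hits of one rule really come from the server's own address before an exclusion like the one above is scoped to it. It assumes ModSecurity 2.x lines in the Apache error log and IPv4 clients; the log lines, the address 203.0.113.10, the rule id 999001 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; 203.0.113.10 stands in for the server's own IP.
SAMPLE_LOG = """\
[Mon Mar 03 10:00:01 2014] [error] [client 203.0.113.10] ModSecurity: Warning. Constructed match text. [file "/constructed/rules.conf"] [line "1"] [id "960009"] [msg "constructed"] [severity "NOTICE"] [uri "/index.php"]
[Mon Mar 03 10:00:02 2014] [error] [client 203.0.113.10:41234] ModSecurity: Warning. Constructed match text. [file "/constructed/rules.conf"] [line "1"] [id "960009"] [msg "constructed"] [severity "NOTICE"] [uri "/index.php"]
[Mon Mar 03 10:00:03 2014] [error] [client 203.0.113.10] ModSecurity: Warning. Constructed match text. [file "/constructed/rules.conf"] [line "1"] [id "960009"] [msg "constructed"] [severity "NOTICE"] [uri "/cron.php"]
[Mon Mar 03 10:00:04 2014] [error] [client 198.51.100.7] ModSecurity: Warning. Constructed match text. [file "/constructed/rules.conf"] [line "1"] [id "960009"] [msg "constructed"] [severity "NOTICE"] [uri "/"]
[Mon Mar 03 10:00:05 2014] [error] [client 203.0.113.10] ModSecurity: Warning. Constructed match text. [file "/constructed/rules.conf"] [line "2"] [id "999001"] [msg "constructed"] [severity "NOTICE"] [uri "/index.php"]
[Mon Mar 03 10:00:06 2014] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
"""

# IPv4 client, with the optional ":port" suffix that Apache 2.4 appends.
CLIENT_RE = re.compile(r'\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]')
FIELD_RE = re.compile(r'\[(id|severity|uri) "([^"]*)"\]')


def parse_line(line):
    """Return client/id/severity/uri for a ModSecurity log line, else None."""
    if "ModSecurity:" not in line:
        return None
    client = CLIENT_RE.search(line)
    fields = dict(FIELD_RE.findall(line))
    if not client or "id" not in fields:
        return None
    fields["client"] = client.group(1)
    return fields


def exclusion_report(log_text, rule_id, server_ip):
    """Split the hits of rule_id into those from server_ip and all others."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    hits = [h for h in parsed if h and h["id"] == rule_id]
    own = [h for h in hits if h["client"] == server_ip]
    return {
        "total": len(hits),
        "from_server": len(own),        # hits the IP-scoped exclusion would silence
        "from_others": len(hits) - len(own),  # hits that must keep being evaluated
        "severities": Counter(h.get("severity", "?") for h in own),
        "top_uris": Counter(h.get("uri", "?") for h in own).most_common(3),
    }


if __name__ == "__main__":
    print(exclusion_report(SAMPLE_LOG, "960009", "203.0.113.10"))
```

The "top_uris" entry shows which local requests trigger the rule, which helps confirm that the self-originated traffic is expected before it is excluded.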