Hi all, I've been lately trying (and failing) to update the pattern a chained rule matches against when certain URI or ARG name are found. Here is the rule I am trying to update: https://gist.github.com/anonymous/18c2a881a3277009fe79.
The desire would be, without directly modifying the CRS rule, update it not to match on a set of domains considered safe/internal. I've thought about it for a while and couldn't come up with something that worked. I guess that if I could append another chained rule to it, since it'd make a logical AND I could use !@contains(mydomain). Is that or another solution possible? Any help welcome! Thanks
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
