Le 26/06/2015 13:06, Adrián a écrit : > Hi all, > > I've been lately trying (and failing) to update the pattern a chained rule > matches against > when certain URI or ARG name are found. Here is the rule I am trying to > update: > https://gist.github.com/anonymous/18c2a881a3277009fe79. > > The desire would be, without directly modifying the CRS rule, update it not > to match on a > set of domains considered safe/internal. I've thought about it for a while > and couldn't > come up with something that worked. I guess that if I could append another > chained rule to > it, since it'd make a logical AND I could use !@contains(mydomain). Is that > or another > solution possible? > > Any help welcome! > Thanks
Hi, When you update an action for a chained rule you need to append ",chain" again in order for the rule to work properly. This is a known "bug" as indicated here : https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secruleupdateactionbyid Best regards Loïc Gomez _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
