Thanks Loic, I still can't figure out how to update the target pattern. Would you be able to provide an example I can use as template? Thank you!
El vie., 26 jun. 2015 a las 13:02, Loïc Gomez (<owasp-...@kyoshiro.org>) escribió: > Le 26/06/2015 13:06, Adrián a écrit : > > Hi all, > > > > I've been lately trying (and failing) to update the pattern a chained > rule matches against > > when certain URI or ARG name are found. Here is the rule I am trying to > update: > > https://gist.github.com/anonymous/18c2a881a3277009fe79. > > > > The desire would be, without directly modifying the CRS rule, update it > not to match on a > > set of domains considered safe/internal. I've thought about it for a > while and couldn't > > come up with something that worked. I guess that if I could append > another chained rule to > > it, since it'd make a logical AND I could use !@contains(mydomain). Is > that or another > > solution possible? > > > > Any help welcome! > > Thanks > > Hi, > > When you update an action for a chained rule you need to append ",chain" > again in order for > the rule to work properly. > This is a known "bug" as indicated here : > > https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secruleupdateactionbyid > > Best regards > Loïc Gomez > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
