This is probably the opposite of what you want to do.
Not only does it not work with your link because of the extra slash (it is a 
dollar sign in your link) but this will turn off ALL the rules for any request 
that contains that keyword anywhere in it.

Take a look at this post:
https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Advanced-Topic-of-the-Week--(Updated)-Exception-Handling/
to get a better idea of what you should be doing :). If you are confused by the
post, reach back out and I'll work with you some more.

From: Ilyass Kaouam <ilyassi...@gmail.com>
Reply-To: ilyassi...@gmail.com
Date: Monday, December 28, 2015 at 5:05 AM
To: Chaim Sanders <csand...@trustwave.com>
Cc: owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Exclude a request

Hi Chaim,

Thank you for your reply,

SecRule REQUEST_URI "^/SubmitCercle" id:1,t:none,t:lowercase,nolog,phase:1,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off

You would like say like this ?

Thank you



2015-12-23 18:25 GMT+00:00 Chaim Sanders <csand...@trustwave.com>:

The ideal way to do this with OWASP CRS is to exclude that variable from being
inspected by the given rule. This can be done by using the SecRuleUpdateTargetById
directive. To this directive you may pass ! Action and also the id of the rule
causing the issue. For an example please see the ModSecurity Reference Manual.
When not using OWASP you would probably add chained portions to the rule to
exclude it from firing whenever the request URL and parameters were present.
Doing this with OWASP will potentially cause issues with updates.

On Dec 23, 2015 11:41 AM, Ilyass Kaouam <ilyassi...@gmail.com> wrote:
Hi,

Hello,

I have a question please

I have a text field in which the user enters a message; the WAF blocks this
request. Here is the URL:

POST /servlet/EspaceClientServlet?Action=Ajax$SubmitCercle

I want to exclude this request, that is to say, tell the WAF not to filter queries with
"POST /servlet/EspaceClientServlet?Action=Ajax$SubmitCercle"

Can you please tell me how?

Thank you

--
Ilyass kaouam
Systems administrator at Inforisk Group Finaccess


________________________________

This transmission may contain information that is privileged, confidential, 
and/or exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, copying, distribution, 
or use of the information contained herein (including any reliance thereon) is 
strictly prohibited. If you received this transmission in error, please 
immediately contact the sender and destroy the material in its entirety, 
whether in electronic or hard copy format.



--
Ilyass kaouam
Systems administrator at Inforisk Group Finaccess
European Masters in Information Technology
Portable : (212) 6 34 57 14 36
http://www.inforisk.ma

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
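
The two approaches discussed in this thread, side by side, as an added example that is not from either poster or from the CRS itself. Assumptions: 999999 is a placeholder for the id of the rule that actually fires (take it from the audit log), `message` is a hypothetical name for the text field, and ids 10001/10002 are arbitrary local rule ids.

```apache
# --- What the thread warns against (kept commented out) --------------------
# Any request whose URI merely contains the keyword gets NO inspection and
# NO audit logging: every rule is bypassed, not just the false positive.
#
# SecRule REQUEST_URI "@contains SubmitCercle" \
#     "id:10001,phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off"

# --- Scoped alternative A: remove one target from one rule -----------------
# Place AFTER the CRS Include lines, because the rule must already be loaded.
# Rule 999999 (placeholder) stops inspecting the "message" argument on every
# URL; all other rules and all other arguments are still checked.
SecRuleUpdateTargetById 999999 "!ARGS:message"

# --- Scoped alternative B: same exclusion, only for this endpoint ----------
# Place BEFORE the CRS Include lines, so the ctl action runs before the rule
# it modifies is evaluated. The ctl action sits on the last rule of the chain
# so that it only executes when both the path and the Action parameter match.
SecRule REQUEST_FILENAME "@streq /servlet/EspaceClientServlet" \
    "id:10002,phase:1,t:none,nolog,pass,chain"
    SecRule ARGS_GET:Action "@streq Ajax$SubmitCercle" \
        "ctl:ruleRemoveTargetById=999999;ARGS:message"
```

Use A or B, not both. B is the narrower of the two because the field stays inspected everywhere except the one request that produced the false positive.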