Hi, I installed ModSecurity 2.9.1 on CentOS 6 and tried to use the CRS3 rules. I used the default configuration and only modified the RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf file so that when there is a blocking action, the client is redirected to a specific page.
Then I used:

SecRuleUpdateActionById 949110 "t: none, redirect: 'http://<mycustompage>', chain"
SecRuleUpdateActionById 959100 "t: none, redirect: 'http://<mycustompage>', chain"

But it did not work when I tested it with http://<mytest>/?foo=../../../etc/passwd

When I comment out the lines that change the disruptive action for anomaly mode, the blocking occurs as expected with code 403.

Does anyone know how to make this work?

Thank you!
Gessy