
Re: mod-security-users Digest, Vol 6, Issue 22: msg#00155

apache.mod-security.user

Subject: Re: mod-security-users Digest, Vol 6, Issue 22

Ok, I'm not really good at this. I'm trying to override one of the rules to not check for URLs in the request, which some of the scripts use.

SecRuleRemoveById 50905 300018 300040 50013 10006
SecRule ARGS (!referer) "chain,auditlog,id:300018,rev:3,severity:2,msg:'(gotroot/rules.conf) Generic PHP code injection protection via ARGS'"
SecRule ARGS "(ht|f)tps?:/")


So don't check when there is a referer=; however, I'm getting this:

Error parsing actions: Unknown action: )

I wonder how it's possible to chain the current rule to not filter for that argument only?



Ofer Shezaf wrote:

 

'SecFilterEngine' is a 1.9.x directive. You got it right and SecRuleEngine is the correct directive for ModSecurity 2.x. Sorry for the typo.

 

~ Ofer

 


From: mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Dan Rossi
Sent: Monday, November 27, 2006 8:15 AM
To: Ivan Ristic
Cc: mod-security-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [mod-security-users] mod-security-users Digest, Vol 6, Issue 22

 

Ivan Ristic wrote:

On 11/21/06, Dan Rossi <spam@xxxxxxxxxxxxxxxx> wrote:

Ivan Ristic wrote:
>
> It is documented and it works. However, "SecFilterInheritance"
> prevents the rules from being inherited from the parent context but it
> does nothing to the configuration options. The configuration settings
> are always inherited. If you want something different to happen just
> provide different configuration. So, in your case you could do
> something like:
>
> <Location /signup>
> SecFilterInheritance Off
> SecFilterForceByteRange 0 255
> </Location>
>

Ok, what I'm saying here is, every rule set as default will have to be
overwritten as you have here, i.e. the ones we need to override for etc., so
mod sec can't be turned off per virtualhost, for instance?


Sure it can:

<VirtualHost whatever>
   SecFilterEngine Off
   SecAuditEngine Off
</VirtualHost>

Hi Ivan, I just put these rules inside virtualhost for mod sec 2 and I get this:

Invalid command 'SecFilterEngine', perhaps mis-spelled or defined by a module not included in the server configuration


If I do

SecRuleEngine Off
SecAuditEngine Off


it's OK; however, for some of our Zend-encoded files something happens with the posts. I don't get any errors, but it seems modsec is doing something even though I've turned it off in that path, and redirects back to the file. I can't go into the code and look because it's encoded and there is no log :\



mod-security-users mailing list
mod-security-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/mod-security-users
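
Added example (not part of the original thread): the override asked about at the top of this message, written with ModSecurity 2.x variable exclusion so that the URL pattern is applied to every argument except the one named referer. The rule id 9000018 and the adjusted msg text are constructed placeholders; the remaining actions are taken from the post, and the disruptive action is left to SecDefaultAction.

```apache
# Added example, not from the thread. Assumes ModSecurity 2.x and that the
# stock gotroot rule 300018 was loaded earlier in the configuration.

# As posted, the last line fails to parse: the ")" after the closing quote is
# read as a third argument, i.e. as the action list, hence
# "Unknown action: )". In the line before it, "(!referer)" sits in the
# operator position, so it is a regex matched against argument values, not an
# instruction to skip an argument.
#   SecRule ARGS "(ht|f)tps?:/")

# Drop the stock rule, then replace it with a single, unchained rule.
SecRuleRemoveById 300018

# ARGS|!ARGS:referer = all request arguments except the one named "referer".
# id 9000018 is a constructed placeholder; pick an id from your local range.
SecRule ARGS|!ARGS:referer "(ht|f)tps?:/" \
    "auditlog,id:9000018,rev:1,severity:2,msg:'Generic PHP code injection protection via ARGS (referer argument excluded)'"
```

The exclusion applies wherever this rule is in effect, so the referer argument is no longer checked for URLs on any script in that context.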