Ping a Specific Port

Question

Yes Barry

Asked: 2019-04-26 09:36:46 +0800 CST2019-04-26 09:36:46 +0800 CST 2019-04-26 09:36:46 +0800 CST

ModSecurity CRS 3 - Disable SQLi Rule For URI Pattern

772

I am trying to disable rule 942100 (an SQLi rule) when certain values are present in the URI, but apache won't start so something is wrong.

My attempt (in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf):

SecRule ARGS "@rx (m[inax]{2}[_\w]+)\-{3}[ade]{1,2}sc" \
    "id:942100,\
    phase:2,\
    pass,\
    nolog,noauditlog,\
    ctl:ruleRemoveById=942100"

The idea is so that URI values such as "min_width---asc" and "max_height_or_width---desc" for example are not flagged by ModSec. I need to remove these false positives but it's not working.

1 Answers

Voted

airween · Answer 1 · 2019-04-28T00:14:02+08:00

Best Answer

airween

2019-04-28T00:14:02+08:002019-04-28T00:14:02+08:00

I think you can't remove the rule itself. As you can see, the id of your rule is equal what you want to remove.

If you see the original rule here, you can see, there is a unique id (1001). Why don't you modify the operator and arguments, and remove the comment?

Eg.:

SecRule ARGS "@rx (m[inax]{2}[_\w]+)\-{3}[ade]{1,2}sc" \
     "id:1001,\
     phase:1,\
     pass,\
     nolog,\
     ctl:ruleRemoveTargetById=942100"

Or you do that with a new, unique id (replace the 1001 with another unique value).

2

ModSecurity CRS 3 - Disable SQLi Rule For URI Pattern

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?