On Sat, Oct 30, 2010 at 5:40 PM, Jason Brooks <[email protected]> wrote:
[...snip]
> So to clarify, it looks like I need two answers:
>
> 1) how to enable/disable some or all of CRS based on the incoming
> interface, or ip address

Hi Jason,

There are a couple of ways to handle this, but here's one example that disables both the rule and audit engine for a specific IP:

SecRule REMOTE_ADDR "@streq xxx.xxx.xxx.xxx" "phase:1,nolog,allow, \
ctl:ruleEngine=Off,ctl:auditEngine=Off"

> and
> 2) how to enable/disable some or all of CRS based on the request url,
> or the request path.

To disable some of the rules based on URI you can use something like:

<LocationMatch /phpmyadmin/>
SecRuleRemoveById 900000-900010
SecRuleRemoveById 999999
</LocationMatch>

Another variant could be:

SecRule REQUEST_URI phpmyadmin "phase:2,t:none,t:lowercase,nolog, \
ctl:ruleRemoveById=999999"

--
- Josh
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
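As an added example that is not part of the original message, here is how the exceptions discussed in the reply above could be ordered relative to the rule set so they take effect: runtime `ctl:` exceptions are placed before the CRS include, and `SecRuleRemoveById` after it. The Include path, the 192.0.2.10 address and the `id` values are placeholders, and the IP exception uses `DetectionOnly` instead of `Off` so that matches from that address are still logged; in practice you would pick one of the two phpMyAdmin variants, not both.

```apache
# Constructed example: path, address and id values are placeholders.

# 1. Runtime exceptions go BEFORE the rule set is loaded. A ctl: action
#    only affects rules that are evaluated after it in the transaction.

# Exception for one source address. DetectionOnly stops blocking but
# keeps rule matches in the logs, unlike ruleEngine=Off.
SecRule REMOTE_ADDR "@streq 192.0.2.10" \
    "phase:1,id:10001,t:none,nolog,pass,ctl:ruleEngine=DetectionOnly"

# Variant A: remove a single rule at runtime for one path prefix.
# Anchoring on the prefix avoids matching "phpmyadmin" anywhere in the
# URI (for example inside a query string).
SecRule REQUEST_URI "@beginsWith /phpmyadmin/" \
    "phase:1,id:10002,t:none,nolog,pass,ctl:ruleRemoveById=999999"

# 2. Load the Core Rule Set (placeholder path).
Include conf/modsecurity_crs/*.conf

# 3. Variant B: configuration-time removal goes AFTER the rules it
#    removes have been loaded, scoped to the same location.
<LocationMatch "^/phpmyadmin/">
    SecRuleRemoveById 900000-900010
    SecRuleRemoveById 999999
</LocationMatch>
```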
