If you want to remove entire categories of rules, I would suggest you use SecRuleRemoveByMsg - http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-apache-reference.html#N10B9F
You could do -

>> <LocationMatch /phpmyadmin/>
>> SecRuleRemoveByMsg "SQL Injection"
>> </LocationMatch>

While this does make it easier to remove groups of rules, it doesn't contain the logic you want (remote_addr). We need to enhance the ctl action to include this capability so you can do conditional exceptions based on more data than the URI.

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs

On Oct 30, 2010, at 6:41 PM, Jason Brooks <[email protected]> wrote:

> First, thank you for your reply.
>
>>
>> There are a couple of ways to handle this, but here's one example that
>> disables both the rule and audit engine for a specific IP:
>>
>> SecRule REMOTE_ADDR "@streq xxx.xxx.xxx.xxx" "phase:1,nolog,allow, \
>> ctl:ruleEngine=Off,ctl:auditEngine=Off"
>>
>
> Does the equivalent string "LOCAL_ADDR" exist? It's the listening
> address of localhost I want to unblock...
>
>
>
>>> and
>>> 2) how to enable/disable some or all of CRS based on the request url,
>>> or the request path.
>>
>> To disable some of the rules based on URI you can use something like:
>>
>> <LocationMatch /phpmyadmin/>
>> SecRuleRemoveById 900000-900010
>> SecRuleRemoveById 999999
>> </LocationMatch>
>
> Silly question: how do I determine what the various ruleids will be?
>
>
>>
>> another variant could be:
>>
>> SecRule REQUEST_URI phpmyadmin "phase:2,t:none,t:lowercase,nolog, \
>> ctl:ruleRemoveById=999999"
>>
>> --
>> - Josh
>>
>
> I think I need to buy the book. :)
>
> --jason
>
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
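An exception conditioned on both the client address and the URI, which this thread is asking for, can be approximated with a chained rule and the ctl:ruleRemoveById action that already appears in the quoted reply. This is an added example, not part of the original messages; the address 192.0.2.10, the local rule id 1000001 and the reuse of the sample rule id 999999 are placeholders.

```apache
# Added example (not from the thread). Placeholders: 192.0.2.10 is a
# documentation address, id:1000001 is an arbitrary local rule id, and
# 999999 is the sample rule id used in the quoted reply.

# Broad form quoted in the thread, shown commented out for comparison:
# the rule engine and the audit engine are switched off for one client
# on every URI, so nothing that client sends is inspected or logged.
#SecRule REMOTE_ADDR "@streq 192.0.2.10" "phase:1,nolog,allow, \
#    ctl:ruleEngine=Off,ctl:auditEngine=Off"

# Narrower form: a single rule is removed, for the current transaction
# only, and only when BOTH conditions of the chain match (request from
# that client AND a path under /phpmyadmin/). All other rules still run
# and audit logging stays on.
SecRule REMOTE_ADDR "@streq 192.0.2.10" \
    "phase:1,id:1000001,t:none,nolog,pass,chain"
    SecRule REQUEST_URI "@beginsWith /phpmyadmin/" \
        "t:none,t:lowercase,ctl:ruleRemoveById=999999"
```

If the rule being removed also runs in phase 1, this chain has to appear in the configuration before that rule is loaded, because the ctl action only affects rules evaluated after it.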
