Thank you for your fast reaction.

On Wed, Sep 28, 2011 at 3:42 PM, Ryan Barnett <[email protected]> wrote:
> Good catch, we will remove them and make sure that they use "block" only so
> they will inherit your SecDefaultAction settings.
>
> Thanks.
>
> --
> Ryan Barnett
> Senior Security Researcher
> Trustwave - SpiderLabs
>
>
> From: rm4dillo Dasypodidae <[email protected]>
> Date: Wed, 28 Sep 2011 08:37:57 -0500
> To: "[email protected]" <[email protected]>
> Subject: [Owasp-modsecurity-core-rule-set] XSS 973xxx rules "nolog" issue
>
> Hi all,
>
> I just noticed that all the rules that have an Id that starts with "973"
> (modsecurity_crs_41_xss_attacks.conf) are the only CRS rules that have
> "nolog" and "noauditlog" in their actions list despite the
> "setvar:tx.%{rule.id}-...-%{matched_var_name}=%{tx.0}" action.
> Therefore it's impossible to override log destinations for those rules with
> the "SecDefaultAction" directive.
>
> Is there any reason for that?
>
> TYIA
>
> Rm4dillo
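
An added example (not part of the original thread and not CRS project code): a small Python check that lists rules whose action list hard-codes `nolog` or `noauditlog`, the condition reported above that keeps `SecDefaultAction` logging settings from applying. The sample rules, their ids, patterns and messages are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample rules for illustration; ids, patterns and messages are made up.
SAMPLE_CONF = r'''
SecDefaultAction "phase:2,deny,log,auditlog"
SecRule ARGS "@rx <script" \
    "phase:2,id:'973901',t:none,pass,nolog,noauditlog,msg:'XSS, script tag',setvar:tx.xss_score=+1"
SecRule ARGS "@rx onerror=" \
    "phase:2,id:'973902',t:none,block,msg:'XSS, event handler',setvar:tx.xss_score=+1"
SecRule REQUEST_URI "@rx \.\./" "phase:2,id:'999001',t:none,block,nolog,msg:'traversal'"
'''

LOG_OVERRIDES = {"nolog", "noauditlog"}

def logical_lines(text):
    """Join backslash-continued lines into single directives."""
    buf = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            buf += line
            if buf:
                yield buf
            buf = ""

def split_actions(action_str):
    """Split on commas that are not inside single-quoted values (e.g. msg:'a, b')."""
    return [a.strip() for a in re.findall(r"(?:'[^']*'|[^,'])+", action_str)]

def find_log_overrides(text):
    """Return {rule_id: [hard-coded logging actions]} for SecRule directives."""
    findings = {}
    for directive in logical_lines(text):
        if not directive.startswith("SecRule "):
            continue
        quoted = re.findall(r'"((?:[^"\\]|\\.)*)"', directive)
        if len(quoted) < 2:
            continue  # operator only, no explicit action list
        actions = split_actions(quoted[-1])  # the action list is the last quoted argument
        rule_id = next((a[3:].strip("'") for a in actions if a.startswith("id:")), "?")
        hits = sorted(LOG_OVERRIDES.intersection(actions))
        if hits:
            findings[rule_id] = hits
    return findings

if __name__ == "__main__":
    print(find_log_overrides(SAMPLE_CONF))
```

Rules that use only `block`, like the second constructed rule, are not reported because they leave logging to the inherited default.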
