Hi Andrei, The directive pointed by Ronald, SecRuleRemoveById should work on IIS the same way it does on Apache.
Check in your ModSecurity installation directory, there is this "modsecurity_iis.conf". The "modsecurity_iis.conf" includes others configurations files, including "modsecurity.conf" and "modsecurity_crs_10_setup.conf". The directive can be placed in any of those files. Make sure that the rule is loaded before you add the SecRuleRemoveById, otherwise it won't work. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> On 8/22/14 6:12 AM, "Andrei" <coro...@starnet.md> wrote: >> I guess the documentation can tell you: >> >> >>https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleRe >>moveById >example for modsecurity configuration files, but I need for >configuration file - web.config > >> If you only want to remove the rule for one site I suppose you will >> have to add "SecRuleRemoveById" inside your "VirtualHost" directive: >> http://httpd.apache.org/docs/current/mod/core.html#virtualhost >But this article for apache, I need for Microsoft IIS web-server > >On 2014-08-22 11:57, ronald.ploe...@bertelsmann.de wrote: >> Hi, >> >> I guess the documentation can tell you: >> >> >>https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleRe >>moveById >> >> If you only want to remove the rule for one site I suppose you will >> have to add "SecRuleRemoveById" inside your "VirtualHost" directive: >> http://httpd.apache.org/docs/current/mod/core.html#virtualhost >> >> Best, >> Ronald >> >> >> -----Ursprüngliche Nachricht----- >> Von: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org >> [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] Im >> Auftrag von Andrei >> Gesendet: Freitag, 22. August 2014 10:23 >> An: owasp-modsecurity-core-rule-set@lists.owasp.org >> Betreff: [Owasp-modsecurity-core-rule-set] How can I use directive >> SecRuleRemoveById on web.config >> >> Hello, >> >> Could anyone tell me, how can I use directive SecRuleRemoveById on >> web.config? >> P.S. I want to remove rule only for one web-site, not all. >> _______________________________________________ >> Owasp-modsecurity-core-rule-set mailing list >> Owasp-modsecurity-core-rule-set@lists.owasp.org >> >> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > >_______________________________________________ >Owasp-modsecurity-core-rule-set mailing list >Owasp-modsecurity-core-rule-set@lists.owasp.org >https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
