Re: [Owasp-modsecurity-core-rule-set] Remove rule 970901 - CRS 2.2.8

Cristiano Galdino Wed, 23 Aug 2017 13:40:49 -0700

Hi!

I tried withphase 1 and 2 but kept
 
logging events
. I think it would be in phase 4 because rule 970901 (status 500) occurs
at this time.



Tks!!

On Wed, Aug 23, 2017 at 5:31 PM, Manuel Spartan <spartan...@gmail.com>
wrote:

> Hi Cristiano, your rule is using phase 4, which maybe too late, try using
> phase 1 or 2 instead.
>
> Cheers!
>
>
> On Aug 23, 2017 22:19, "Cristiano Galdino" <cristiano.gald...@gmail.com>
> wrote:
>
> Hi!
>
> I have an application
> returning status 500 and I can not fix it or take it out. I try disable
> rule 970901 but
>  
> modsecurity keeps logging events
> .
>
> 
> File:
> *modsecurity_crs_15_local_exceptions.conf*
>
> SecRule REQUEST_FILENAME "@beginsWith /monitor/" \
> "id:2500,phase:4,nolog,noauditlog,t:none,t:lowercase,msg:'Desativa regras
> de para o contexto SIPAG-MONITOR-WEB',pass, \
> ctl:ruleRemoveById=970901"
>
> What can I do?
>
> Tks!
>
>
> --
> Cristiano Galdino - cristi...@galdino.net
> http://cristiano.galdino.net
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>
>


-- 
Cristiano Galdino - cristi...@galdino.net
http://cristiano.galdino.net

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Re: [Owasp-modsecurity-core-rule-set] Remove rule 970901 - CRS 2.2.8

Reply via email to