Hi! I tried withphase 1 and 2 but kept logging events . I think it would be in phase 4 because rule 970901 (status 500) occurs at this time.
Tks!! On Wed, Aug 23, 2017 at 5:31 PM, Manuel Spartan <spartan...@gmail.com> wrote: > Hi Cristiano, your rule is using phase 4, which maybe too late, try using > phase 1 or 2 instead. > > Cheers! > > > On Aug 23, 2017 22:19, "Cristiano Galdino" <cristiano.gald...@gmail.com> > wrote: > > Hi! > > I have an application > returning status 500 and I can not fix it or take it out. I try disable > rule 970901 but > > modsecurity keeps logging events > . > > > File: > *modsecurity_crs_15_local_exceptions.conf* > > SecRule REQUEST_FILENAME "@beginsWith /monitor/" \ > "id:2500,phase:4,nolog,noauditlog,t:none,t:lowercase,msg:'Desativa regras > de para o contexto SIPAG-MONITOR-WEB',pass, \ > ctl:ruleRemoveById=970901" > > What can I do? > > Tks! > > > -- > Cristiano Galdino - cristi...@galdino.net > http://cristiano.galdino.net > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > > -- Cristiano Galdino - cristi...@galdino.net http://cristiano.galdino.net
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set