php - ModSecurity Whitelisting for specific uri

View Original

I have set up Apache2 + PHP5 on CentOS 7

Some PHPs of my web application, they accept UUID as GET parameter and this violates the ModSecurity URI pattern.

I want to set up ModSecurity to bypass security checks for specific URIs. How can I do this?

Thanks!

Answer

Solution:

You can create an exclusion rule like this:

SecRule REQUEST_FILENAME "@endsWith /dir/script.php" \
    "id:1000,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=932130;ARGS:get_or_post_parameter,\
    ctl:ruleRemoveTargetById=941100;ARGS:get_or_post_parameter,\
    ctl:ruleRemoveTargetById=932130;ARGS:get_or_post_parameter2"

Set your URI in the first line and, at the end of the rule, add exclusions for pairs of rule ID and GET/POST parameter name (like in the example above). Finally, put rule into file REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf .

Source
© 2021
E-mail: contact@webdevask.com
Back to top