ModSecurity Scratchpad

Ref: https://stackoverflow.com/questions/38232609/how-do-i-skip-certains-rules-for-parameter-in-a-path-in-modsecurity

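# SecRuleUpdateTargetByTag is a configure-time directive and cannot be chained; ctl: applies the exclusion per request (load before the CRS rules).
SecRule REQUEST_URI "@beginsWith /path/to/myfile.php" \
    "id:1234,phase:2,t:none,pass,\
    ctl:ruleRemoveTargetByTag=OWASP_CRS:WEB_ATTACK/XSS;ARGS:param2"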
# Default HTTP policy: allowed_methods (rule 900200)
SecRule &TX:allowed_methods "@eq 0" \
    "id:901160,\
    phase:1,\
    pass,\
    nolog,\
    setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
# Default HTTP policy: allowed_request_content_type (rule 900220)
SecRule &TX:allowed_request_content_type "@eq 0" \
    "id:901162,\
    phase:1,\
    pass,\
    nolog,\
    setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain'"
# Default HTTP policy: static_extensions (rule 900260)
SecRule &TX:static_extensions "@eq 0" \
    "id:901166,\
    phase:1,\
    pass,\
    nolog,\
    setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"
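# WordPress exclusions: skip to END-WORDPRESS when tx.crs_exclusions_wordpress is unset or 0 (phase 1)
SecRule &TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress "@eq 0" \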
    "id:9002000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    skipAfter:END-WORDPRESS"

# Same guard for phase 2: skipAfter only takes effect within the phase it runs in
SecRule &TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress "@eq 0" \
    "id:9002001,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    skipAfter:END-WORDPRESS"

# Rules

SecMarker "END-WORDPRESS"