Skip to content
This repository was archived by the owner on May 14, 2020. It is now read-only.
This repository was archived by the owner on May 14, 2020. It is now read-only.

libmodsecurity (v3) incompatible ctl:ruleRemoveByTag in rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf #1418

@theMiddleBlue

Description

@theMiddleBlue

the following two exclusion rules are not compatible with libmodsecurity (v3) due to ctl:ruleRemoveByTag:

file: rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf

9003100:

SecRule REQUEST_FILENAME "@contains /remote.php/webdav" \
"id:9003100,\
phase:2,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveByTag=attack-injection-php,\
ctl:ruleRemoveById=941000-942999,\
ctl:ruleRemoveById=951000-951999,\
ctl:ruleRemoveById=953100-953130,\
ctl:ruleRemoveById=920420,\
ctl:ruleRemoveById=920440"

9003340:

SecRule REQUEST_FILENAME "@contains /index.php/apps/notes/" \
"id:9003340,\
phase:2,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveByTag=attack-injection-php"

Metadata

Metadata

Assignees

No one assigned

    Labels

    ModSecIssue related to ModSecurity

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions