mod_sec whitelist
Hello,
Some of my clients are running Xenforo, and I need to whitelist modsec by ID.
The information I got from the ModSec tools is this message:
Request: POST /index.php?editor/to-bb-code
Action Description: Access denied with redirection to http://www.domain.com/ using status 302 (phase 2).
Justification: detected XSS using libinjection.
In my opinion, we need to remove the modsec IDs for the path
/index.php?editor/to-bb-code
I have tried to add a modsec whitelist with the following LocationMatch
SecRuleRemoveById 973343 # Breaks Xenforo Editing Post
SecRuleRemoveById 973340 # Breaks Xenforo Editing Post
SecRuleRemoveById 981257 # Breaks Xenforo Editing Post
SecRuleRemoveById 981245 # Breaks Xenforo Editing Post
SecRuleRemoveById 981243 # Breaks Xenforo Editing Post
It still does not work. If I change it to be like this:
It works perfectly, but it whitelists every index.php globally. Is there a way to whitelist only /index.php?editor/to-bb-code? Thank you

I don't think LocationMatch can accept query strings, unfortunately. See the link below. What comes after the question mark is PHP arguments (the query string) and not a real "location" to Apache. There would be ways to customize the rules themselves for this, but I don't really recommend that unless you are an advanced user. What I would do personally is just apply the list that works to the one domain only in an includes file. ConfigServer Modsec Control is great for this; you can make the exceptions for just one domain.
Apache permissions based on querystring

Do you use CMC? ConfigServer ModSecurity Control (cmc). Using that, you can disable rules per domain.

Hi, thanks for the reply. Yes, I have read that before. When searching on Google, I saw there is a trick for it, but I forgot to save the link. Maybe I should take a look again.
Hi, thanks for the reply. Yes, I use CMC. I have seen a post saying that LocationMatch can only be used without a query. Disabling per domain is a good choice, and I have tried it. But I think it would still be better if it targeted the path that is hit by ModSec. There is a trick for that; I have seen it on Google before, and I forgot to save the link. I should take a look at it again.
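
One way to scope the exclusion to the single request from the thread, as an added example that is not part of the original posts: a chained ModSecurity rule that matches on the path, method and query string and removes the five rule IDs for that transaction only. It assumes ModSecurity 2.x, XenForo installed at the web root, and 10001 as an arbitrary unused local rule ID.

```apache
# Added example, not from the thread. Assumptions: ModSecurity 2.x, XenForo at
# the web root, and 10001 as an arbitrary unused local rule ID.
#
# <LocationMatch> only sees the URL path, so it cannot tell
# /index.php?editor/to-bb-code apart from any other /index.php request.
# ModSecurity exposes the query string itself, so the match is done in a rule.
#
# The ctl actions sit on the LAST rule of the chain on purpose: non-disruptive
# actions fire when their own rule matches, so placing them on the first rule
# would remove the XSS rules for every request to /index.php.
#
# phase:1 runs before the phase 2 rules that produced the block in the log,
# so the listed IDs are dropped for this transaction before they are evaluated.
SecRule REQUEST_FILENAME "@streq /index.php" \
    "id:10001,phase:1,t:none,pass,nolog,chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,chain"
        SecRule QUERY_STRING "@rx ^editor/to-bb-code(?:&|$)" \
            "t:none,\
            ctl:ruleRemoveById=973343,\
            ctl:ruleRemoveById=973340,\
            ctl:ruleRemoveById=981257,\
            ctl:ruleRemoveById=981245,\
            ctl:ruleRemoveById=981243"
```

Placing this in the include for the affected domain only keeps the exception limited to that one site and that one editor endpoint; every other request to index.php is still inspected by the five rules.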