List: mod-security-users
Subject: Re: [mod-security-users] How to exclude .com from restricted_extensions only for rule 920440
From: Franziska Buehler <franziska.buehler.schmocker () gmail ! com>
Date: 2022-04-30 18:47:39
Message-ID: CALrdzmJaAyfaOoiVipSOnX2t5EsmG+9QchHzZSO83-QihZb9MA () mail ! gmail ! com
Hi!
OWASP Core Rule Set Dev-On-Duty here.
The rule 920440 checks the variable tx.restricted_extensions
(https://github.com/coreruleset/coreruleset/blob/v4.0/dev/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf#L1064).
This variable can be set in the crs-setup.conf file. So you have to
uncomment and edit (remove .com) the following rule 900240:
https://github.com/coreruleset/coreruleset/blob/v4.0/dev/crs-setup.conf.example#L473
Best regards,
Franziska
On Fri, Apr 29, 2022 at 19:07, s kwok <mrstephenkwok@gmail.com> wrote:
> Hi,
>
> I'd like to exclude .com from restricted_extensions only for rule 920440.
> Can someone please tell me how to do that? Thanks!
>
> Best
> skwok
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
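The edit described in the reply above, as an added example that is not part of the original message or the CRS project's own file: rule 900240 in crs-setup.conf as a commented-out block, then uncommented with the `.com/` entry removed. The extension list is a shortened, constructed sample; keep the full list from your own crs-setup.conf.example and delete only `.com/`.

```apache
# Before: rule 900240 is commented out in crs-setup.conf.
# (Extension list shortened and constructed for illustration.)
#SecAction \
#    "id:900240,\
#    phase:1,\
#    nolog,\
#    pass,\
#    t:none,\
#    setvar:'tx.restricted_extensions=.bak/ .bat/ .cmd/ .com/ .config/ .ini/ .log/ .sql/'"

# After: uncommented, with the ".com/" entry removed.
# Each entry is written with its trailing slash and separated by a space,
# so remove the whole ".com/" token and leave ".config/" and the others intact.
SecAction \
    "id:900240,\
    phase:1,\
    nolog,\
    pass,\
    t:none,\
    setvar:'tx.restricted_extensions=.bak/ .bat/ .cmd/ .config/ .ini/ .log/ .sql/'"
```

Reload the web server after the change so the new value of tx.restricted_extensions is picked up.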