
List:       mod-security-users
Subject:    Re: [mod-security-users] How to exclude .com from restricted_extensions only for rule 920440
From:       Franziska Buehler <franziska.buehler.schmocker () gmail ! com>
Date:       2022-04-30 18:47:39
Message-ID: CALrdzmJaAyfaOoiVipSOnX2t5EsmG+9QchHzZSO83-QihZb9MA () mail ! gmail ! com

Hi!

OWASP Core Rule Set Dev-On-Duty here.

The rule 920440 checks the variable tx.restricted_extensions
(https://github.com/coreruleset/coreruleset/blob/v4.0/dev/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf#L1064).
This variable can be set in the crs-setup.conf file. So you have to
uncomment and edit (remove .com) the following rule 900240:
https://github.com/coreruleset/coreruleset/blob/v4.0/dev/crs-setup.conf.example#L473

Best regards,
Franziska


On Fri, 29 Apr 2022 at 19:07, s kwok <mrstephenkwok@gmail.com> wrote:

> Hi,
> 
> I'd like to exclude .com from restricted_extensions only for rule 920440.
> Can someone please tell me how to do that? Thanks!
> 
> Best
> skwok
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
> 
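
The change described in the reply above, shown as an added example that is not part of the original message or the project's shipped file: rule 900240 uncommented in crs-setup.conf with the `.com/` entry left out. The extension list here is abbreviated and constructed for illustration; the assumption is that you start from the full list in your own crs-setup.conf and delete only `.com/`.

```apache
# crs-setup.conf (added example, not the project's shipped file)
#
# Rule 900240 ships commented out. Uncomment it and remove ".com/" from the
# value of tx.restricted_extensions, which rule 920440 checks.
#
# Format of the value: each entry is ".ext/" and entries are separated by
# a single space. Keep that format when editing.
#
# ASSUMPTION: the list below is shortened for illustration. Do not copy it
# as-is; keep every other entry from your own file so that only ".com" stops
# being restricted.
SecAction \
    "id:900240,\
    phase:1,\
    nolog,\
    pass,\
    t:none,\
    setvar:'tx.restricted_extensions=.asa/ .bak/ .bat/ .cmd/ .config/ .ini/ .log/ .sql/'"
```

Reload the web server after editing so the new value is picked up, then confirm in the audit log that a request for a `.com` path no longer triggers 920440 while another restricted extension such as `.bak` still does.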

