Ryan Barnett | 25 Aug 15:13 2011

Re: [Owasp-modsecurity-core-rule-set] ModSecurity Advanced Topic of the Week: (Updated) Exception Handling


On 8/24/11 5:47 PM, "Thomas D. Dahlmann" <domingo <at> domingo.dk> wrote:

>On 2011-08-24 23:12, Ryan Barnett wrote:
>> SecRuleUpdateTargetById 950907 !REQUEST_FILENAME
>If I go with the above will it then bypass any file request
>unconditionally?

Correct, if you use this directive, it will modify the TARGET list for
rule ID 950907 and will not inspect the REQUEST_FILENAME variable at all.

-Ryan

>
>/T
>

This transmission may contain information that is privileged, confidential, and/or exempt from
disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management 
Up to 160% more powerful than alternatives and 25% more efficient. 
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/application-security.php


Gmane