Review exclusion documentation

_Issue originally created by user lifeforms on date 2016-03-25 20:20:13. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/319._

The file REQUEST-00-LOCAL-WHITELIST.conf.example is rather short. It should contain various examples of common whitelist rules. Some ideas:

Whitelist a cookie from all CRS rules after validating it (should be recommended; this only skips when the value is known to be safe):

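# Exclude PHPSESSID from CRS inspection only when its value matches the allowed characters.
# The class is A-Z, not A-z: the range A-z would also admit [ \ ] ^ _ and the backtick.
SecRule REQUEST_COOKIES:PHPSESSID "^[a-zA-Z0-9\-,]+$" \
    "id:1,phase:request,t:none,nolog,pass,\
        ctl:ruleRemoveTargetByTag=CRS;REQUEST_COOKIES:PHPSESSID"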

Whitelist a GET/POST parameter from all CRS rules:

SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
    "id:2,phase:request,t:none,nolog,pass,\
        ctl:ruleRemoveTargetByTag=CRS;ARGS:pwd"

Whitelist all GET/POST parameters from CRS rules:

SecRule REQUEST_FILENAME "@endsWith /weirdform.php" \
    "id:3,phase:request,t:none,nolog,pass,\
        ctl:ruleRemoveTargetByTag=CRS;ARGS"

Whitelist a URL completely from CRS rules (should be discouraged):

SecRule REQUEST_FILENAME "@endsWith /weirdform.php" \
    "id:4,phase:request,t:none,nolog,pass,\
        ctl:ruleRemoveByTag=CRS"

Disable all rules for a platform or language not in use, e.g. platform-windows:

SecRule REQUEST_FILENAME "@endsWith /weirdform.php" \
    "id:5,phase:request,t:none,nolog,pass,\
        ctl:ruleRemoveByTag=platform-windows"

Disable all the Windows rules for a complete site/vhost:

SecAction \
    "id:6,phase:request,t:none,nolog,pass,\
        ctl:ruleRemoveByTag=platform-windows"

Explain that a new .conf file with the same name must be created to make it active (the file is now called .conf.example).

Explain that ctl:ruleRemoveTargetById/Tag and ctl:ruleRemoveById/Tag must be run BEFORE the CRS rules. If the user desires to put these whitelistings in a different .conf file, it must be included in Apache config earlier than the CRS.

Maybe also explain the SecRuleRemoveByTag/Id rules. Though these must run AFTER. I don’t know if there is any advantage to them. If so, should we explain it? If not, could we settle on recommending just one system instead of two?
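The ordering constraint described in the issue, laid out as one configuration. This is an added example, not part of the original issue or of the CRS project; the include path is a placeholder, and the `SecAction` is the rule with `id:6` quoted above.

```apache
# --- Option A: runtime exclusion (ctl:ruleRemove*) ---
# Evaluated on every transaction. It only affects rules that have not
# yet run, so it must appear BEFORE the CRS rules are included.
SecAction \
    "id:6,phase:request,t:none,nolog,pass,\
        ctl:ruleRemoveByTag=platform-windows"

# --- CRS rules (placeholder path, adjust to the local installation) ---
Include /path/to/crs/rules/*.conf

# --- Option B: configure-time exclusion (SecRuleRemoveBy*) ---
# Applied once when the configuration is loaded. It can only remove rules
# that are already defined, so it must appear AFTER the CRS include.
SecRuleRemoveByTag "platform-windows"
```

Options A and B are alternatives for the same site-wide exclusion, shown together only to make the placement of each visible. The conditional exclusions in the issue (per cookie, per parameter, per URL) depend on request data and therefore need the `ctl:` form.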

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 27

Top GitHub Comments

CRS-migration-bot commented, May 13, 2020

User csanders-git commented on date 2016-07-26 18:53:53:

There is a massive advantage to using SecRuleRemoveBy* from a performance perspective as it isn’t in memory. It is removed at boot as opposed to being removed per transaction.

CRS-migration-bot commented, May 13, 2020

User dune73 commented on date 2016-10-03 20:11:46:

Closing in favor of PR #601.
