Whitelisting a particular path

Free Modsecurity rules - Comodo Web Application Fi
1

I would like to disable certain rules only if the path requested ends in /Settings.

I’m new to modsecurity and CWAF, but I have a smidgen of Apache experience.

Server is running Ubuntu 14.04.4 LTS.
apache2 config is at /etc/apache2/
CWAF is at /usr/local/cwaf/ in standalone mode (no GUI plugins).

I’m able to successfully disable and enable rules, on a global basis, using the cwaf-cli.pl script. And I’m getting plenty of good logs for the system in its default state – what should be detected is being detected.

I just need help on how to set it up so that only a particular path will disable a rule.

Once that’s working, my next question is, can I switch a particular rule to DetectionOnly instead of disabling it?

2

Hi!

You can exclude rules for all and try to turn them on with directive
But we didn’t check this settings.
About second question… I’m not sure of it’s possibility.

3

You can do the following:

<LocationMatch "/Settings">
SecRuleEngine Off
</LocationMatch>

or

<LocationMatch "/Settings">
SecRuleRemoveById 200000–299999
</LocationMatch>

As LocationMatch accepts regular expression - you can specify complex cases.