Is `SecAction` order important for an OWASP ModSecurity config file?

Çağlar Arlı - 7 Views

Is `SecAction` order important for an OWASP ModSecurity config file?

Using a web server with Nginx + ModSecurity + OWASP ModSecurity Core Rules...

On the OWASP config file crs-setup.conf is the order of the config section SecAction important or can i order them differently from the example config file?

Example:

SecAction \
 "id:900250,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'"

SecAction \
 "id:900200,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"

By default SecAction id:900200 is written before SecAction id:900250, is that order important?

P	S	Ç	P	C	C	P
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Annanowa

Is `SecAction` order important for an OWASP ModSecurity config file?

Is `SecAction` order important for an OWASP ModSecurity config file?

Son Yazılar

Son Yorumlar