19May
Is `SecAction` order important for an OWASP ModSecurity config file?
Using a web server with Nginx + ModSecurity + OWASP ModSecurity Core Rules...
On the OWASP config file crs-setup.conf
is the order of the config section SecAction
important or can i order them differently from the example config file?
Example:
SecAction \
"id:900250,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'"
SecAction \
"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
By default SecAction id:900200
is written before SecAction id:900250
, is that order important?