Using Mod-Security I would like to have my production system blocking requests (SecRuleEngine On), but for some of the rules (perhaps provided with an update of the RuleSet) I would like to get notified. This should help me to identify false positives before bringing the rule really into production.

In other words, I would like to configure DetectionOnly for a list of Rules, while others are still blocked.

Is there a way to configure that with ModSecurity?

1 Answer

You can update a specific rule, like this:

SecRuleUpdateActionById 12345 "pass,log"

Alternatively, you can write your own rules to turn off the rule engine for certain scenarios. See this question for example: Set mod_security to detectionOnly for a specific page?

Barry Pollard
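
Both approaches from the answer in one configuration, as an added example that is not part of the original answer. The rule IDs 12345, 12346 and 10001, the include path and the URI prefix are placeholders chosen for illustration.

```apache
# Constructed example: IDs, paths and the URI prefix are placeholders.

# The engine stays in blocking mode for everything not excepted below.
SecRuleEngine On

# Approach 2: a custom rule that switches the whole engine to DetectionOnly
# for matching transactions only. A ctl action takes effect at run time, so
# this rule has to be evaluated before the rules it should soften: load it
# ahead of the rule set and run it in phase 1.
SecRule REQUEST_URI "@beginsWith /app/new-feature" \
    "id:10001,phase:1,pass,nolog,ctl:ruleEngine=DetectionOnly"

# Load the rule set (placeholder path).
Include /etc/modsecurity/rules/*.conf

# Approach 1: per-rule detection. SecRuleUpdateActionById changes a rule that
# is already defined, so these lines must come after the Include above.
# "pass" replaces the rule's disruptive action and "log" keeps the match
# visible in the error log for false-positive review.
SecRuleUpdateActionById 12345 "pass,log"
SecRuleUpdateActionById 12346 "pass,log"
```

Once a rule has run clean for long enough, deleting its `SecRuleUpdateActionById` line restores the disruptive action it was shipped with.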