D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
bitninja-waf
/
etc
/
crs
/
rules
/
Filename :
REQUEST-905-COMMON-EXCEPTIONS.conf
back
Copy
# ------------------------------------------------------------------------ # OWASP ModSecurity Core Rule Set ver.3.0.2 # Copyright (c) 2006-2016 Trustwave and contributors. All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ # This file is used as an exception mechanism to remove common false positives # that may be encountered. # # Exception for Apache SSL pinger # SecRule REQUEST_LINE "@streq GET /" \ "phase:1,\ id:905100,\ t:none,\ pass,\ nolog,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-apache',\ tag:'attack-generic',\ chain" SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \ "t:none,\ ctl:ruleEngine=Off,\ ctl:auditEngine=Off" # # Exception for Apache internal dummy connection # SecRule REQUEST_LINE "^(GET /|OPTIONS \*) HTTP/[12]\.[01]$" \ "phase:1,\ id:905110,\ t:none,\ pass,\ nolog,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-apache',\ tag:'attack-generic',\ chain" SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \ "t:none,\ chain" SecRule REQUEST_HEADERS:User-Agent "^.*\(internal dummy connection\)$" \ "t:none,\ ctl:ruleEngine=Off,\ ctl:auditEngine=Off"