SupermanInNY
Verified User
- Joined
- Sep 28, 2004
- Messages
- 420
Hi All,
Where are the mod_security exclusion rules for the IP of the server.
For domains that have yet to be resolved, we use an IP/~username .
However, I found that in the: /var/log/httpd/modsec_audit.log I have a 'violation' on ID:
modsecurity":"ModSecurity v3.0.2 (Linux)","connector":"mod_security 1.4","secrules_engine":"Enabled","components":["OWASP_CRS/3.3.0\""]},"messages":[{"message":"Host header is a numeric IP address","details":{"match":"Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:host' (Value: `x.x.x.x.' )","reference":"o0,12v359,12","ruleId":"920350","file":"/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf","lineNumber":"718","data":"x.x.x.x","severity":"4","ver":"OWASP_CRS/3.3.0"
How do I Exclude this ruleId":"920350 ?
What file should I create or edit and what should I push into it?
Thanks for any input.
-Sup.
Where are the mod_security exclusion rules for the IP of the server.
For domains that have yet to be resolved, we use an IP/~username .
However, I found that in the: /var/log/httpd/modsec_audit.log I have a 'violation' on ID:
modsecurity":"ModSecurity v3.0.2 (Linux)","connector":"mod_security 1.4","secrules_engine":"Enabled","components":["OWASP_CRS/3.3.0\""]},"messages":[{"message":"Host header is a numeric IP address","details":{"match":"Matched \"Operator `Rx' with parameter `^[\\d.:]+$' against variable `REQUEST_HEADERS:host' (Value: `x.x.x.x.' )","reference":"o0,12v359,12","ruleId":"920350","file":"/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf","lineNumber":"718","data":"x.x.x.x","severity":"4","ver":"OWASP_CRS/3.3.0"
How do I Exclude this ruleId":"920350 ?
What file should I create or edit and what should I push into it?
Thanks for any input.
-Sup.
