Hi,
I've just recently activated the OWASP ruleset with ModSecurity, and I'm experiencing a lot more false positives than I was expecting. Something as simple as an admin publishing a new article is blocked (by ruleId 941160). I see that there is an "Application Specific Rule Exclusions" (ruleId 900130 in /etc/modsecurity.d/crs-setup.conf.main) that covers WordPress, Drupal, and a few others. Are these rule exclusions generally recommended?
I'm also considering adding some IP addresses to be globally whitelisted for either some rules or all rules, but it's not really clear in the documentation how I would go about doing that. It looks to me like I would add my custom whitelisting rules in a new file called /etc/modsecurity.d/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf, but this file is not mentioned in the DA documentation, so I'm not really sure if that's the right approach.
Does anyone have some insights to share?