From Abdelkarim , 3 Years ago, written in Bash.
Embed
  1. # ---------------------------------------------------------------
  2. # Core ModSecurity Rule Set ver.3.0.0
  3. # Copyright (C) 2006-2014 Trustwave All rights reserved.
  4. #
  5. # The OWASP ModSecurity Core Rule Set is distributed under
  6. # Apache Software License (ASL) version 2
  7. # Please see the enclosed LICENCE file for full details.
  8. # ---------------------------------------------------------------
  9.  
  10. #
  11. # The purpose of this file is to hold LOCAL exceptions for your site.
  12. # The types of rules that would go into this file are one where you want
  13. # to short-circuit inspection and allow certain transactions to pass through
  14. # inspection or if you want to alter rules that are applied.
  15. #
  16.  
  17. #
  18. # Example WHITELIST Rule - Disable inspection for an authorized client
  19. #
  20. # This ruleset allows you to control how ModSecurity will handle traffic originating
  21. # from Authorized Vulnerability Scanning (AVS) sources.
  22. # See related blog post -
  23. # http://blog.spiderlabs.com/2010/12/advanced-topic-of-the-week-handling-authorized-scanning-traffic.html
  24. #
  25. # White-list ASV network block (no blocking or logging of AVS traffic)
  26. # Update IP network block as appropriate for your AVS traffic
  27. #
  28. # #### EXAMPLE #### #
  29. #SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" "phase:1,id:'981033',t:none,nolog,pass,ctl:ruleEngine=Off"  
  30. #SecRule REMOTE_ADDR "@ipMatch 176.31.31.233" "phase:1,id:'990002',t:none,nolog,pass,ctl:ruleEngine=Off"
  31. # ### END ##### #
  32.  
  33. SecRule REMOTE_ADDR "@ipMatch 176.31.31.233" "phase:1,id:'981140',t:none,nolog,pass,ctl:ruleEngine=Off"
  34.  
  35.  
  36. #Error
  37.  
  38. ago 22 06:22:16 srvXXX.XXXXX.XXXX restartsrv_httpd[8767]: AH00526: Syntax error on line 19 of /usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-10-IP-REPUTATION.conf:
  39. ago 22 06:22:16 srvXXX.XXXXX.XXXX restartsrv_httpd[8767]: ModSecurity: Found another rule with the same id
  40.  
  41.