Exclusion for Apache modsecurity

abyss5 years ago

Hello
This rule might be helpful when you use Apache (as proxy) with modsecurity

SecRule REQUEST_URI "@beginsWith /api/" \
  "id:'000002', \
  phase:1, \
  t:none, \
  setvar:'tx.allowed_methods=GET POST PUT DELETE', \
  setvar:'tx.allowed_request_content_type=application/json', \
  nolog, \
  pass"

It allows GET POST PUT DELETE methods and application/json content type to access API

davejh4 years ago

interesting. where would this code be placed