Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SecRuleUpdateActionById directive with a range #3297

Open
oceanmancuonh opened this issue Nov 12, 2024 · 3 comments
Open

SecRuleUpdateActionById directive with a range #3297

oceanmancuonh opened this issue Nov 12, 2024 · 3 comments
Labels
3.x Related to ModSecurity version 3.x

Comments

@oceanmancuonh
Copy link

How to use SecRuleUpdateActionById directive to change action of multi rule id ?
When i use
SecRuleUpdateActionById 70050015 "pass"
-> It's work

But
SecRuleUpdateActionById 70050014-70050016 "pass"
-> Not work

@oceanmancuonh oceanmancuonh added the 3.x Related to ModSecurity version 3.x label Nov 12, 2024
@airween
Copy link
Member

airween commented Nov 12, 2024

Hi @oceanmancuonh,

do you think that would be the expected behavior?

libmodsecurity3's reference shows it does not support at all:

https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#secruleupdatetargetbyid

and mod_security2's reference that engine supports only the id[:offset] syntax:

https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#secruleupdateactionbyid

@oceanmancuonh
Copy link
Author

that means if i want to change a series of action rules then i have to declare each rule id one by one if using this directive.
there is no way to select multi rule id like regex, wildcard, ...

@airween
Copy link
Member

airween commented Nov 13, 2024

that means if i want to change a series of action rules then i have to declare each rule id one by one if using this directive. there is no way to select multi rule id like regex, wildcard, ...

Yes, exactly.

You haven't mentioned which rule set you use, but if it's CRS, you can use SecRuleUpdateTargetByTag - docs is here. Probably it's more efficient.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3.x Related to ModSecurity version 3.x
Projects
None yet
Development

No branches or pull requests

2 participants