Should you want to disable inspection of a POST for a specific URL, use the format below.
Assuming the URL you wanted to skip POST inspection was "upload", your exclusion rule would look like this:
SecRule REQUEST_URI "^/upload" \
"phase:1,id:1234567,t:none,t:lowercase,pass,nolog,ctl:requestBodyAccess=off"
Install this rule before any of your other rules. For example, in the file /etc/httpd/modsecurity.d/00_custom_exclude.conf.
Comments
0 comments
Please sign in to leave a comment.