Configuration variables overwriting

[Systems Admin]

Hello,

I did not find in the documentation the recommended way to modify a variable, in my case it is tx.allowed_methods. What I would like is create or modify a conf file in /etc/modsecurity/... that will update the variable used in REQUEST-901-INITIALIZATION.conf (id 901160) without touching the REQUEST-901-INITIALIZATION.conf file.

I tried using REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf without succes with SecRuleUpdateTargetById, most probably because I could not figure out the syntax.

Thank you for helping a newbie.

Patrick

[Franziska Buehler]

Hello Patrick

Please use your crs-setup.conf to set this variable:

https://github.com/coreruleset/coreruleset/blob/v4.0/dev/crs-setup.conf.example#L446

Uncomment the rule and add your allowed methods.

Best,

Franziska

CRS Dev-on-Duty

--
You received this message because you are subscribed to the Google Groups "ModSecurity Core Rule Set project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modsecurity-core-rule-...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/modsecurity-core-rule-set-project/f4f88a5f-e30c-4a3b-9699-875d19923eb8n%40owasp.org.

[Systems Admin]

Perfect,

Sorry for the basic question, it works perfectly.

Have a nice day

[Franziska Buehler]

Glad to hear that it works!

No need to say sorry. I'm happy to help! Everyone was a newbie at some point.

If you need more guides please take a look at https://coreruleset.org -> Documentation.

Or if you need help tuning the CRS check out the tuning tutorials by our co-lead Christian Folini at https://www.netnea.com/cms/tutorials/.

Have a great day too!

Franziska