We use the Web Application Firewall based on ModSecurity with Core Rule Set and we need to define exception for some URI contained some cookies. Unfortunately, the name of cookies contains many suffixes, therefore we would like to use regular expression in the definition of the exception. I prepared jsessionid.conf file:
SecRule REQUEST_URI "@rx ^/.*" \
"id: 1001,\
phase:1,\
t:none,\
pass,\
nolog,\
msg:'Exception 1001,\
ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:/^JSESSIONID_.*/"
But after this change the server instance do not start with the error:
Error in configuration file: Rules error. File: …/shared/waf/rules/jsessionid.conf. Line: 8. Column: 67. Expecting an action, got: ^JSESSIONID_.*/"
Is there some syntax error or the regular expression in ruleRemoveTargetById cannot be used? Thank you very much in advance for your help.
Best regards,
Jarda