Is there any way to identify which pattern triggers the OWASP CRS rule?


边明凯

Jun 13, 2022, 4:00:54 AM
to ModSecurity Core Rule Set project
Hi all,

Hope you are doing great today. I am here to seek help with how to identify which pattern in the traffic triggers the CRS rule. Thanks in advance.

For instance:

I have sent an HTTP request to the server, and this request goes through the WAF (OWASP CRS3) first and triggers a WAF rule; finally, this request is blocked and the client receives a 403 response status code. I wanna do some testing and debugging to make the request forward to the server successfully and the client get the HTTP 200 response status.
I think that if I just modify the pattern of the HTTP request, it may not trigger the WAF rules, but I need to know how to identify which pattern of the HTTP request triggers the rules.

Thanks in advance.


azurit

Jun 13, 2022, 6:02:50 AM
to ModSecurity Core Rule Set project, bianm...@gmail.com
Hi,

You can find all information in the web server error logs - what web server are you running?

Also, to 'whitelist' a request you don't need to modify it. The more efficient and general way would be to create an exclusion rule which will match your request and let it pass through the WAF (but let's start with the logs, see above).

azurit
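
As an added illustration of reading the error logs mentioned in the reply above (not part of the thread and not CRS project code): this sketch assumes Apache with ModSecurity 2 and CRS 3 in anomaly-scoring mode, and its log lines are constructed. It pairs each denied request with the detection rule, variable and matched data logged under the same `unique_id`, which is the information needed to write an exclusion rule.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Apache + ModSecurity 2 error-log layout (assumed, not from the thread).
SAMPLE_LOG = r'''
[Mon Jun 13 04:00:54 2022] [:error] [pid 71] [client 192.0.2.10:51234] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file "/etc/crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: s&1 found within ARGS:note: it's 1 or 2 items"] [severity "CRITICAL"] [uri "/order"] [unique_id "constructed-txn-0001"]
[Mon Jun 13 04:00:54 2022] [:error] [pid 71] [client 192.0.2.10:51234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/order"] [unique_id "constructed-txn-0001"]
[Mon Jun 13 04:01:10 2022] [:error] [pid 71] [client 192.0.2.20:40000] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [data "192.0.2.20"] [severity "WARNING"] [uri "/"] [unique_id "constructed-txn-0002"]
'''

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [name "value"] metadata fields
DATA = re.compile(r'^Matched Data: (?P<matched>.*?) found within (?P<var>\S+?): (?P<value>.*)$')
BLOCKING_RULE = "949110"  # CRS 3 inbound anomaly-score check: it denies, but matched no pattern itself


def explain_blocks(log_text):
    """Return {unique_id: [finding, ...]} listing the detection rules behind each denied request."""
    by_txn, denied = defaultdict(list), set()
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        tags = dict(TAG.findall(line))
        uid = tags.get("unique_id")
        if uid is None:
            continue
        if "Access denied" in line:
            denied.add(uid)
        if tags.get("id") == BLOCKING_RULE:
            continue  # the score check only sums up the earlier warnings
        m = DATA.match(tags.get("data", ""))
        by_txn[uid].append({
            "rule_id": tags.get("id"),
            "msg": tags.get("msg"),
            "uri": tags.get("uri"),
            "variable": m["var"] if m else None,     # e.g. ARGS:note
            "matched": m["matched"] if m else None,  # the text the rule reacted to
        })
    return {uid: by_txn[uid] for uid in denied}


if __name__ == "__main__":
    for uid, findings in explain_blocks(SAMPLE_LOG).items():
        for f in findings:
            print(uid, f["rule_id"], f["variable"], repr(f["matched"]), f["msg"])
```
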