ModSecurity: How to write exclusion rules for list of REQUEST_URIs on separate domain names?

I have a server with 100 domain names. On each domain name, I have a unique list of pages/directories that I would like to whitelist (put ModSecurity into DetectionOnly mode temporarily). Basically, how would I write the rule for something… Continue reading ModSecurity: How to write exclusion rules for list of REQUEST_URIs on separate domain names?

ModSecurity / CRS: Need custom rule to deal with false positive (user-inserted HTML formatted listings)

ModSecurity 3.0.8
ModSecurity-Nginx 1.0.3
CRS 4.0.0-rc1

I have a marketplace where sellers can list anything for sale. On the "item description" section, we allow users to copy and paste their HTML formatting, like eBay does. We… Continue reading ModSecurity / CRS: Need custom rule to deal with false positive (user-inserted HTML formatted listings)

Very slow SOAP POST request processing with ModSecure for certain rules (SQL, IIS and system exploits)

While trying to implement NGinx WAF with ModSecurity 3.0.6 I am facing the issue with very poor XML SOAP POST performance. Rrequests takes ~5 seconds with occasional spikes up to 10 seconds.
If I disable the following set of ModSecurity Co… Continue reading Very slow SOAP POST request processing with ModSecure for certain rules (SQL, IIS and system exploits)