exemption_example.conf
# CRS Linter Exemption Examples
#
# This file demonstrates how to use exemption comments to suppress
# specific linting rules for individual ModSecurity rules.
#
# Format: #crs-linter:ignore:rule1,rule2,rule3
#
# The exemption comment applies to the next non-comment, non-blank line.

# Example 1: Exempt a single rule
# This exempts the lowercase_ignorecase check for rule 1001
#crs-linter:ignore:lowercase_ignorecase
SecRule ARGS "@rx (?i)foo" \
"id:1001,\
phase:1,\
pass,\
t:lowercase"

# Example 2: Exempt multiple rules
# This exempts both lowercase_ignorecase and deprecated checks
#crs-linter:ignore:lowercase_ignorecase,deprecated
SecRule REQUEST_HEADERS:Referer "@rx (?i)attack" \
"id:1002,\
phase:1,\
deny,\
t:lowercase"

# Example 3: Case insensitive keywords
# Keywords (crs-linter, ignore) are case-insensitive
#CRS-LINTER:IGNORE:lowercase_ignorecase
SecRule ARGS "@rx (?i)bar" \
"id:1003,\
phase:1,\
pass,\
t:lowercase"

# Example 4: Whitespace tolerance
# Spaces around colons and commas are allowed
#crs-linter : ignore : lowercase_ignorecase , deprecated
SecRule REQUEST_HEADERS:Referer "@rx (?i)test" \
"id:1004,\
phase:1,\
deny,\
t:lowercase"

# Example 5: Exemption skips comments and blank lines
#crs-linter:ignore:lowercase_ignorecase
# This comment is skipped
# Blank lines are also skipped

SecRule ARGS "@rx (?i)baz" \
"id:1005,\
phase:1,\
pass,\
t:lowercase"

# Example 6: Multiple exemption comments for same rule
# Both exemptions apply to rule 1006
#crs-linter:ignore:lowercase_ignorecase
#crs-linter:ignore:deprecated
SecRule REQUEST_HEADERS:Referer "@rx (?i)combined" \
"id:1006,\
phase:1,\
deny,\
t:lowercase"

# Example 7: Exemption only affects the immediate next rule
#crs-linter:ignore:lowercase_ignorecase
SecRule ARGS "@rx (?i)first" \
"id:1007,\
phase:1,\
pass,\
t:lowercase"

# This rule is NOT exempted
SecRule ARGS "@rx (?i)second" \
"id:1008,\
phase:1,\
pass,\
t:lowercase"
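
# Added example (not part of this file and not the linter's own parser): a Python sketch for auditing which rule IDs carry which exemptions under the semantics shown in Examples 1-7, going one step further by also reporting exemption comments that no rule follows.
# The names map_exemptions, EXEMPT_RE, ID_RE and SAMPLE, the regular expressions, and the constructed rules 2001-2003 are assumptions made for illustration.

```python
import re

# Keywords are case-insensitive and spaces around the colons are tolerated.
EXEMPT_RE = re.compile(r"^#crs-linter\s*:\s*ignore\s*:(.*)$", re.IGNORECASE)
ID_RE = re.compile(r"\bid\s*:\s*(\d+)")

# Constructed sample input (not taken from the file above).
SAMPLE = r'''
#crs-linter : IGNORE : lowercase_ignorecase , deprecated
# ordinary comment, skipped

SecRule ARGS "@rx (?i)first" \
    "id:2001,\
    phase:1,\
    pass,\
    t:lowercase"
SecRule ARGS "@rx (?i)second" \
    "id:2002,phase:1,pass,t:lowercase"
#crs-linter:ignore:deprecated
#CRS-LINTER:ignore:lowercase_ignorecase
SecRule ARGS "@rx (?i)third" "id:2003,phase:1,pass,t:lowercase"
#crs-linter:ignore:deprecated
'''

def map_exemptions(text):
    """Return ({rule_id: set(checks)}, dangling_checks) for a rules file."""
    exempted, pending, directive = {}, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not directive:  # not inside a backslash-continued directive
            m = EXEMPT_RE.match(line)
            if m:  # consecutive exemption comments accumulate
                pending |= {c.strip() for c in m.group(1).split(",") if c.strip()}
                continue
            if not line or line.startswith("#"):
                continue  # blank lines and plain comments keep exemptions pending
        directive.append(line.rstrip("\\"))
        if line.endswith("\\"):
            continue  # directive continues on the next line
        rule_id = ID_RE.search("".join(directive))
        if pending and rule_id:
            exempted[int(rule_id.group(1))] = pending
        # Exemptions are consumed by the first directive that follows them.
        pending, directive = set(), []
    return exempted, pending  # leftover pending: exemptions with no rule after them

if __name__ == "__main__":
    print(map_exemptions(SAMPLE))
```

# Reviewing this mapping in CI makes newly added or orphaned exemptions visible before they silence a check.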