I have to deal with false positives customization...
For the exception based on LocationMatch + SecRuleRemoveById no problems!
But when i need to whitelist a POST/GET parameter i encounter troubles.
I tried much possibilities but none of them succeed. (Apache restarts but my whitelisted argument is not considered (still filtered)
The argument i want to blacklist is "msg" (as you can imagine it s the content of a message posted by a user, so it may contains much false positive due to smileys, html codes etc...)
Below some rules i actually put in my exception file file:
SecRule REQUEST_FILENAME " @streq /" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=*;ARGS:msg"
(not working, arg msg still filtered)
SecRule REQUEST_FILENAME "@streq /" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=000000-999999;ARGS:msg"
SecRuleUpdateTargetById * "!ARGS:msg"
SecRuleRemoveByMsg .*SQL.* "ARGS:msg"
(this one works but has the side effect of removing SQL detection for all the pages)
So as you understood i need to fully whitelist an argument and i can't, any help would be really appreciated.
For your information i can't whitelist the Location as it is an index.php file with much functions in the backend.
Thanks in advance.