# --------------------------------------------------------------- # Core ModSecurity Rule Set ver.2.2.8 # Copyright (C) 2006-2012 Trustwave All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENCE file for full details. # --------------------------------------------------------------- # # -=[ You must be using the Resource Profiling Rules to track this data ]=- # # modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf # modsecurity_crs_40_appsensor_detection_point_3.0_end.conf # # # -=[ Disable ModSecurity For Arachni Scans ]=- # # Update the remote IP address for your Arachni RPC host # #SecRule REMOTE_ADDR "@ipMatch 192.168.168.128" "chain,id:'900030',phase:1,t:none,nolog,pass" # SecRule REQUEST_HEADERS:User-Agent "@beginsWith Arachni/" "ctl:ruleEngine=Off" # # -=[ Initiate Arachni Scan on 1st URL Access ]=- # # Update the path to the arachni_integration.lua script # #SecRule &RESOURCE:ARACHNI_SCAN_COMPLETED "@eq 0" "chain,id:'900031',phase:5,t:none,log,pass" # SecRule &ARGS "@gt 0" "exec:/usr/share/modsecurity-crs/lua/arachni_integration.lua"