# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.8
# Copyright (C) 2006-2012 Trustwave All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under 
# Apache Software License (ASL) version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


#
# This ruleset allows you to control how ModSecurity will handle traffic originating
# from Authorized Vulnerability Scanning (AVS) sources.
# See related blog post -
# http://blog.spiderlabs.com/2010/12/advanced-topic-of-the-week-handling-authorized-scanning-traffic.html
#

#
# White-list ASV network block (no blocking or logging of AVS traffic)
# Update IP network block as appropriate for your AVS traffic
#SecRule REMOTE_ADDR "@beginsWith 192.168.1." "phase:1,id:'981033',t:none,nolog,pass,allow"

#
# Recommended "Block but Don't Log" rule for scanning traffic
# Update IP address/network block as appropriate for your ASV traffic
#SecRule REMOTE_ADDR "@streq 192.168.1.101" "phase:1,id:'981034',t:none,nolog,pass,ctl:auditEngine=Off"

# Recommended phase 3 rule that will re-enable the audit engine if the request
# was not blocked by one of the normal rules.
# Update IP address/network block as appropriate for your ASV traffic
#SecRule REMOTE_ADDR "@streq 192.168.1.101" "phase:3,id:'981035',t:none,nolog,pass,ctl:auditEngine=On"