How to disable a rule that matches no rule number in waf?

nvnaders · **Posted:** Tue Oct 23, 2012 4:57 pm

Complete ASL newb here and need a little help.

ASL is blocking part of my cgi script with this rule but when I search for rule 60118 in WAF it comes up empty. Can anyone tell me how I disable this rule so my cgi works properly?

Here is the alert I get when I try to use my ubr uploader script.

Rule: 60118 fired (level 7) -> "Access attempt blocked by Mod Security."
[403] [/20121023/20121023-1159/20121023-115940-iw8G6lURVx4AAHnnVnUAAAAC] [file "/etc/httpd/modsecurity.d/99_asl_jitp.conf"] [line "2873"] [id "393134"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "/test\\.f?cgi" at REQUEST_URI.

mikeshinn · **Posted:** Wed Oct 24, 2012 12:15 pm

Thanks for the question. The rule id for this event is 393134:

Rule: 60118 fired (level 7) -> "Access attempt blocked by Mod Security."
[403] [/20121023/20121023-1159/20121023-115940-iw8G6lURVx4AAHnnVnUAAAAC] [file "/etc/httpd/modsecurity.d/99_asl_jitp.conf"] [line "2873"] [id "393134"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "/test\\.f?cgi" at REQUEST_URI.

The best way to do change rules is to log into the ASL gui, click on the event, and then click Manage Rule which will open that rules settings directly.

nvnaders · **Posted:** Fri Nov 02, 2012 9:35 am

Thanks. That Rule: 60118 had me guessing. I'll take a look.

How to disable a rule that matches no rule number in waf?

Who is online