Global disabling of a rule problem

Sempiterna · **Joined:** Tue Jun 24, 2008 12:05 pm **Posts:** 145

I just tried to globally disable rule 300023 (Multiple embedded urls in argument), but once i set that global disable option to 'yes' and save.. and then reload that rule info page, it still shows 'no' for globally disabled.

The /etc/asl/rules file shows:

G, waf, 300023,,yes,yes,7,yes,yes,

mikeshinn · **Posted:** Fri Sep 16, 2011 1:28 pm

Is the rule disabled though? This could just be a minor GUI bug. Does the rule trigger?

Sempiterna · **Joined:** Tue Jun 24, 2008 12:05 pm **Posts:** 145

It seems to not trigger anymore so it may indeed just be a GUI bug.

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

We see this whenever a rule is disabled. I thought it was a known bug :-(

Sempiterna · **Joined:** Tue Jun 24, 2008 12:05 pm **Posts:** 145

Actually, it is not a GUI problem. I just received a message that the person was 403'ed again on the same rule, eventhough it is in the /etc/asl/rules file. Maybe the line in the file is not formatted correctly for ASL to read and so still sees it as active?

This is very important actually because now we can no longer update the relevant wiki pages on our site. This rule was blocked before using the old ASL 2.x but obviously those no longer work in the new ASL.

Sempiterna · **Joined:** Tue Jun 24, 2008 12:05 pm **Posts:** 145

hmm when i disable the rule using the command line, it seems to work. But now i have 2 lines in /etc/asl/rules. The old one that was done via the GUI (2nd one) and the new one using the cli (1st one):

G,waf,300023,,yes,no,0,no,no,
G, waf, 300023,,yes,yes,7,yes,yes,

The person editing my wiki says it goes through now. Not sure if that is because the 1st line says 'no' on things that may possibly be the 'active response' item, or if it is actually disabled now. The GUI however still shows the rule being active.

Global disabling of a rule problem

Who is online