Skip to content
This repository has been archived by the owner on May 14, 2020. It is now read-only.

Order of ModSecurity Actions in CRS rules

Jump to bottom
Ervin Hegedus edited this page Sep 4, 2019 · 5 revisions

This is the recommended order of ModSecurity actions:

id
phase
allow | block | deny | drop | pass | proxy | redirect
status
capture
t:xxx
log
nolog
auditlog
noauditlog
msg
logdata
tag
sanitiseArg
sanitiseRequestHeader
sanitiseMatched
sanitiseMatchedBytes
ctl
ver
severity
multiMatch
initcol
setenv
setvar
expirevar
chain
skip
skipAfter

The cleanup of the rules is happening for 3.2-dev and tied to issue 1532: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1532

Clone this wiki locally