2Eki
ModSec Head Scratcher – Rule Exceptions ignored
Sorry if this is a "noob" mistake, which I am sure it is, but I can't figure out why ModSec is ignoring my rule exception.
Situation (Debian 10): I have a ssl secured url for Monit monitoring software, that works on www.example.com:3286 , which as verified by my Apache2 error logs, triggers modsec rule id 920350 thereby blocking my access to the Monit web GUI.
I used echo "SecRuleRemoveById 920350" >> /etc/modsecurity/modsecurity.conf
to append the rule exception to modsecurity.conf (went back and verified its presence). Then restarted apache. Rule ignored.
So then, I tried adding the exception directly to the vhost of www.example.com using:
<ifModule mod_security2.c>
SecRuleRemoveById 920350
</ifModule>
Then restarted apache, and the exception was ignored again.
What am I missing?