owasp-modsecurity / ModSecurity-apache

ModSecurity v3 Apache Connector
Apache License 2.0

ModSecurity SecRequestBodyAccess Off still process the POST request #72

Open akefallonitis opened 4 years ago

akefallonitis commented 4 years ago

Even with REQUEST_BODY disabled, ModSecurity starts phase 2 to check POST data.

[159835978570.134615] [xxxxx] [4] (Rule: 5040) Executing operator "Rx" with param "^/.+/(xx)?xxx/|^/.+/xxx/|^/.+/xml/" against REQUEST_FILENAME.
[159835978570.134615] [xxxxx] [4] Rule returned 1.
[159835978570.134615] [xxxxx] [4] Running (disruptive)     action: allow.
[159835978570.134615] [xxxxx] [4] Dropping the evaluation of upcoming rules in favor of an `allow' action of type: FromNowOn
[159835978570.134615] [xxxxx] [4] Starting phase REQUEST_BODY. (SecRules 2)
[159835978570.134615] [xxxxx] [4] Request body processing is disabled
[159835978570.134615] [xxxxx] [4] Starting phase REQUEST_BODY. (SecRules 2)

Even when explicitly excluding the request (rule 5040 whitelisting), it keeps starting and checking REQUEST_BODY, as shown in the above debug_log.
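A small parser for debug-log lines in the format shown in the post, added here as an example (not code from ModSecurity or from the poster): it groups lines by transaction and lists which rule operators were logged after each "Starting phase" line, which separates a phase being entered from rules actually being evaluated in it. The field layout (`[transaction id] [uri] [level] message`) and all function names are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the debug log in the post above (the URI field is masked there).
SAMPLE_LOG = """\
[159835978570.134615] [xxxxx] [4] (Rule: 5040) Executing operator "Rx" with param "^/.+/(xx)?xxx/|^/.+/xxx/|^/.+/xml/" against REQUEST_FILENAME.
[159835978570.134615] [xxxxx] [4] Rule returned 1.
[159835978570.134615] [xxxxx] [4] Running (disruptive)     action: allow.
[159835978570.134615] [xxxxx] [4] Dropping the evaluation of upcoming rules in favor of an `allow' action of type: FromNowOn
[159835978570.134615] [xxxxx] [4] Starting phase REQUEST_BODY. (SecRules 2)
[159835978570.134615] [xxxxx] [4] Request body processing is disabled
[159835978570.134615] [xxxxx] [4] Starting phase REQUEST_BODY. (SecRules 2)
"""

# Assumed layout: [transaction id] [uri] [debug level] message
LINE = re.compile(r"^\[([^\]]+)\] \[([^\]]*)\] \[(\d+)\] (.*)$")
PHASE = re.compile(r"^Starting phase (\w+)\.")
RULE = re.compile(r"^\(Rule: (\d+)\) Executing operator")

def summarize(log_text):
    """Per transaction: phases entered and the rule ids that ran an operator in each."""
    txs = defaultdict(lambda: {"phases": [], "rules": defaultdict(list),
                               "body_disabled": False, "allow": False})
    current = {}  # transaction id -> phase named by the latest "Starting phase" line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line or a line from another source
        tx_id, _uri, _level, msg = m.groups()
        tx = txs[tx_id]
        if (p := PHASE.match(msg)):
            current[tx_id] = p.group(1)
            tx["phases"].append(p.group(1))
        elif (r := RULE.match(msg)):
            tx["rules"][current.get(tx_id, "BEFORE_FIRST_PHASE_LINE")].append(int(r.group(1)))
        elif msg.startswith("Request body processing is disabled"):
            tx["body_disabled"] = True
        elif "action: allow" in msg:
            tx["allow"] = True
    return txs

def rules_run_in_phase(log_text, tx_id, phase):
    """Rule ids whose operator was logged after the given phase started."""
    return summarize(log_text)[tx_id]["rules"].get(phase, [])

if __name__ == "__main__":
    for tx_id, tx in summarize(SAMPLE_LOG).items():
        print(tx_id, tx["phases"], dict(tx["rules"]), tx["body_disabled"], tx["allow"])
```

On the excerpt from the post it reports two REQUEST_BODY phase starts, the "Request body processing is disabled" message, and no rule operator logged after either phase start.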