Skip to content
This repository was archived by the owner on May 14, 2020. It is now read-only.

Order of ModSecurity Actions in CRS rules

Jump to bottom
Christian Folini edited this page Jun 24, 2017 · 5 revisions

This is the order of ModSecurity actions used in the ModSecurity Handbook, 2nd edition:

id
phase
disruptive-action (pass,block,deny)
status
capture
t:xxx
log
nolog
auditlog
noauditlog
msg
logdata
tag
sanitiseArg
sanitiseRequestHeader
sanitiseMatched
sanitiseMatchedBytes
ctl
setenv
setvar
chain
skip
skipAfter

The cleanup of the rules is happening for 3.1-dev and tied to issue 808: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/808

Clone this wiki locally