Apache - How to exclude a page from being scanned for a specific rule
Posted by - NA -, Last modified by on 27 July 2009 12:16 PM
Example: To exclude the -- (Classic SQL Comment) rule for the URL http://www.site.com/admin/post.php the following should appear:
- Logon to the dotDefender Admin panel
- Select the "Settings" button for the site you wish to exclude the rule for the specific page. If the site's operation mode is set to "Use Default", edit the Default Profile or set the operation mode to "Protection" in order to manage a separate rule set for the specified site.
- In the Configuration page, select the category in which the rule resides
- Scroll to the bottom of the page
- In the bottom, starting on the left, select the following from the dropdown menus: "SecFilterSelective" and "Request_URI", type the exclusion expression in the following format: !(/path/to/page/to/exclude) and click the ADD button.
- After the page refreshes, scroll down to the rule which has just been created.
- Click on the "Move Up" arrow next to the rule until it appears right below the rule to be excluded for the page.
- In the rule to be excluded, select the Chain option from the dropdown menu on the right and click the Save button.
- Click the Index button to return to the main page and click the Refresh Settings button for settings to take effect.
|# Classic SQL Comment "--"|