mod_security: A rule to allow POST requests without a request body

前端未结

关注

 1  1711

I have Apache 2.4 and mod_security 2.9.1 installed, and it is working, with some very basic rules.

I am trying to make a POST request that includes some header info

相关标签:

1条回答

2021-01-16 07:18

You can disable body access for a request with zero body length:

SecRule REQUEST_BODY_LENGTH "@eq 0" "id:12345,phase:1,nolog,ctl:requestBodyAccess=off"

Or if you only want to do this on a certain URL then use a chained rule like this:

SecRule REQUEST_URI /my/weird/api "phase:1,id:12346,nolog,chain"
   SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"

0 讨论(0)