Skip to content

EsadCetiner/iredadmin-rule-exclusions-plugin

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Integration tests

iRedAdmin-rule-exclusions-plugin

This plugin contains rule exclusions to fix false positives when using iRedMail's iRedAdmin with the OWASP Core Rule Set.

Disclaimer: The Pro version of iRedAdmin is not supported but Pull Requests/Issues are welcomed for iRedAdmin Pro users.

Requirements

  • CRS Version 4.0 or newer
  • ModSecurity compatable Web Application Firewall

Installation

For full and up to date instructions on installing plugins, please refer to How to Install a Plugin in the official CRS documentation.

Conditionally enable plugins for multi-application environments

For full and up to date instructions on how to conditionally enable/disable this plugin on a multisite environment, please refer to Conditionally enable plugins for multi-application environments in the official CRS documentation.

Disabling the plugin

The plugin can be disabled by uncommenting rule 9521000 inside plugins/iredadmin-rule-exclusions-config.conf or by removing the includes for this plugin.

Reporting false positives

If you find a false positive that this plugin does not cover then please open a new issue or pull request, if creating an issue then please include the following details:

  1. CRS Version
  2. ModSecurity/Coraza Version
  3. modsec audit logs
  4. what caused the false positive