HEX
Server: Apache/2.4.65 (Unix) OpenSSL/1.1.1k
System: Linux server-manager.elshandawiily.com 4.18.0-553.87.1.el8_10.x86_64 #1 SMP Mon Dec 1 05:11:16 EST 2025 x86_64
User: elshanda (1002)
PHP: 7.4.33
Disabled: NONE
$ pwd: /usr/local/apache/modsecurity-owasp-latest/rules/
Upload Files
File: //usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.3.2
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
# Apache Software License (ASL) version 2
# Please see the enclosed LICENSE file for full details.
# ------------------------------------------------------------------------


# This file is used as an exception mechanism to remove common false positives
# that may be encountered.
#
# Exception for Apache SSL pinger
#
SecRule REQUEST_LINE "@streq GET /" \
    "id:905100,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    tag:'application-multi',\
    tag:'language-multi',\
    tag:'platform-apache',\
    tag:'attack-generic',\
    ver:'OWASP_CRS/3.3.2',\
    chain"
    SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
        "t:none,\
        ctl:ruleEngine=Off,\
        ctl:auditEngine=Off"

#
# Exception for Apache internal dummy connection
#
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
    "id:905110,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    tag:'application-multi',\
    tag:'language-multi',\
    tag:'platform-apache',\
    tag:'attack-generic',\
    ver:'OWASP_CRS/3.3.2',\
    chain"
    SecRule REQUEST_HEADERS:User-Agent "@endsWith (internal dummy connection)" \
        "t:none,\
        chain"
        SecRule REQUEST_LINE "@rx ^(?:GET /|OPTIONS \*) HTTP/[12]\.[01]$" \
            "t:none,\
            ctl:ruleEngine=Off,\
            ctl:auditEngine=Off"
@ Telegram