Recently, I've spent a lot of time tweaking my ModSecurity configuration to remove some false positives. This tutorial will:
- Explain the various methods of altering ModSecurity rules, starting with the crudest and working up to the more specific techniques.
- Give some varied examples of custom rules written for exception handling, with a particular focus on the rules distributed by the OWASP Core Rule Set team.
I am calling the process of removing false positives "whitelisting", but technically I should be calling it "exception handling". However, I think more people looking for this information will find it by searching for "whitelisting".