azurit
azurit
@fzipi Sure.
@bxlxx Thanks for reporting this. It seems logical to do `urlDecodeUni` first.
I checked also other rules and we are doing it the same way (`utf8toUnicode` goes first) everywhere. Not sure if it's the intension or not so we need to discuss...
@leveryd Try adding this line before `m.log`: `pcall(require, "m")`
@Danrancan Hi. As you can see in these log messages, problem is not with images but with cookies (search for `[data`): ```ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043...
@Danrancan Please use only my exclusion rule as other rules in the discussion will not resolve your problem completely (they are excluding matched rules only for images / wp-content but...
@Danrancan What about audit logs? Do you still see the same messages logged?
This is probably the issue here: `[hostname "10.8.8.2"]` Try rewriting the exclusion rule like this: ``` SecRule REQUEST_HEADERS:Host "@streq www.mcmo.is" \ "id:9999001,\ phase:1,\ pass,\ t:none,\ nolog,\ ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:sbjs_first_add,\ ctl:ruleRemoveTargetById=941150;REQUEST_COOKIES:sbjs_current" ```
@Danrancan Please show the logs from your tests.
> but using a [different domain name](https://www.mcmo.is) Byt he way, have you updated the domain name on this line? `SecRule SERVER_NAME "@streq www.mcmo.is" \`