azurit
azurit
@msepczuk Rule `920220` is matching against `REQUEST_URI_RAW`, not `ARGS` so you need to modify your exclusion rule. Also, do not prefix variable with `!` when using `ctl:ruleRemoveById`, this is incorrect...
@msepczuk Transformation `t:urlDecodeUni` is converting the data only inside modsecurity, it has no effect on what data are send to the application. Your exclusion rule will probably doesn't work as...
By the way, you should put your exclusion rule into file `/etc/apache2/modsecurity-crs/coreruleset-3.3.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf`.
No, modsecurity is NOT modifing the data, this is something your web server or application is supposed to do.
`ARGS` and `ARGS_NAMES` are automatically decoded by web server so modsecurity sees decoded value (as you can see in the log) - use `
@msepczuk You have typo in that exclusion rule, see (`c` at the end): `ctl:ruleRemoveById=941100c`
@msepczuk You are doing the same mistakes all the time (like searching for encoded value but using `t:urlDecodeUni`). You really need to think what you are doing, everything needed was...
What else do you need? What exactly is not working for you?
@msepczuk You need to pay more attention on what you are doing and reading - you have another typo-like error in your rule 123456789: you are removing rule `941100` but...