
Using custom REQUEST_HEADER on whitelist action


I'm trying to use a custom request header on a ModSecurity whitelist rule so I can remove specific rules.

SecRule REQUEST_URI "^/admin/index\.html$" \
   "id:1004,\
    phase:2,\
    pass,\
    nolog,\
    ctl:ruleRemoveById=%{request_headers.x-rules-excluded}"

However, when I try to do it I get the following error on NGINX:

Mar 20 16:18:42 develop-node ip[16035]: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /tmp/test.modsec.conf. Line: 1062. Column: 96. Expecting an action, got: ctl:ruleRemoveById=%{request_headers.x-rules-excluded}" in /tmp/test.nginx.conf:28

I wonder if this is even possible to do...

Thanks!


Solution

  • It is not possible. You are trying to perform macro expansion, and it is not supported in ctl actions. You can only pass an integer or a range in ctl:ruleRemoveById.
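
A static alternative consistent with the answer above, as an added example that is not part of the original question or answer: each accepted header value is mapped at configuration time to a fixed rule ID or range, so no macro expansion is needed inside `ctl`. Rule ids 1005 and 1006, the header values `sqli` and `sqli-all`, and the excluded IDs 942100 and 942100-942999 are constructed sample values.

```conf
# X-Rules-Excluded is sent by the client, so it never supplies the rule IDs
# itself. It only selects one of the exclusions written out below, and any
# other value removes nothing.

# Header value "sqli" (sample) -> remove one fixed rule ID (sample: 942100).
# phase:1 is used so the ctl action runs before the phase:2 rules it removes.
SecRule REQUEST_URI "@rx ^/admin/index\.html$" \
    "id:1005,\
    phase:1,\
    pass,\
    nolog,\
    chain"
    SecRule REQUEST_HEADERS:X-Rules-Excluded "@streq sqli" \
        "ctl:ruleRemoveById=942100"

# Header value "sqli-all" (sample) -> remove one fixed ID range.
SecRule REQUEST_URI "@rx ^/admin/index\.html$" \
    "id:1006,\
    phase:1,\
    pass,\
    nolog,\
    chain"
    SecRule REQUEST_HEADERS:X-Rules-Excluded "@streq sqli-all" \
        "ctl:ruleRemoveById=942100-942999"
```

These rules must be loaded before the rules they remove, since `ctl:ruleRemoveById` only affects rules evaluated later in the same transaction.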