apache, mod-security

Using Modsecurity and Apache HTTP, how can I whitelist some specific fields in formdata?


Using Modsecurity and Apache HTTP, how can I whitelist some specific fields in formdata? I need to allow a specific pattern using the fields' names.


Solution

  • You should make an exclusion. I assume you need a dynamic exclusion, which means it "wakes up" during the evaluation of a transaction. I also assume that the endpoint of your form is always the same, so you can add a rule similar to this one (before the others):

    SecRule REQUEST_URI "@strEq /path/to/your/form/endpoint" \
        "id:1000,\
        phase:1,\
        t:none,\
        nolog,\
        pass,\
        ctl:ruleRemoveTargetById=ID_OF_YOUR_RULE;ARGS:NAME_OF_THE_FORM_FIELD1,\
        ctl:ruleRemoveTargetById=ID_OF_YOUR_RULE;ARGS:NAME_OF_THE_FORM_FIELD2,\
        ctl:ruleRemoveTargetById=ID_OF_YOUR_RULE;ARGS:NAME_OF_THE_FORM_FIELD3,\
        ctl:ruleRemoveTargetById=ID_OF_YOUR_RULE2;ARGS:NAME_OF_THE_FORM_FIELD1,\
        ctl:ruleRemoveTargetById=ID_OF_YOUR_RULE2;ARGS:NAME_OF_THE_FORM_FIELD2,\
        ctl:ruleRemoveTargetById=ID_OF_YOUR_RULE2;ARGS:NAME_OF_THE_FORM_FIELD3"
    

    where /path/to/your/form/endpoint is the URI of your form. You can choose another operator to check it, e.g. @rx, @beginsWith and so on. Please make sure you use an anchored expression if you use @rx.

    The ctl actions contain the ID of the rule that you want to exclude, and the NAME_OF_THE_FORM_FIELDs are the fields on your form that you want to exclude from the mentioned rule.
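A complete version of this kind of exclusion, added here as an example and not part of the answer above, for a site that runs the OWASP Core Rule Set (CRS). The endpoint /contact, the field names message, signature and extra_N, and the local rule IDs 1000 and 1001 are assumptions; 942100 and 941100 are the CRS libinjection SQLi and XSS rules. It matches on REQUEST_FILENAME (the path without the query string) rather than REQUEST_URI so that a trailing ?x=y cannot make the equality test miss, it shows the field-name-pattern variant the question asked about, and it shows the static SecRuleUpdateTargetById alternative with its different placement requirement:

```apache
# Added example (not from the answer above). Assumes OWASP CRS is loaded and
# that the form is POSTed to /contact; "message" and "signature" are free-text
# fields that trip the CRS libinjection rules 942100 (SQLi) and 941100 (XSS).
# Rule IDs 1000-1099 are used here for the local exclusion rules.

# 1) Dynamic exclusion: goes in a file that is included BEFORE the CRS rules
#    (e.g. REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf), because a ctl: action
#    only affects rules that have not run yet in this transaction.
#    REQUEST_FILENAME is the path without the query string, so "/contact?x=y"
#    still matches; REQUEST_URI would include "?x=y" and defeat @streq.
SecRule REQUEST_FILENAME "@streq /contact" \
    "id:1000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=942100;ARGS:message,\
    ctl:ruleRemoveTargetById=941100;ARGS:message,\
    ctl:ruleRemoveTargetById=942100;ARGS:signature,\
    ctl:ruleRemoveTargetById=941100;ARGS:signature"

# 2) Same exclusion for a whole family of fields selected by a name pattern
#    (extra_1, extra_2, ...). Regex targets are written ARGS:/regex/; anchor
#    the expression so that a field named "notextra_1" is not excluded too.
#    Only the named fields lose the check; every other argument of the same
#    request is still inspected by 942100/941100.
SecRule REQUEST_FILENAME "@streq /contact" \
    "id:1001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=942100;ARGS:/^extra_[0-9]+$/,\
    ctl:ruleRemoveTargetById=941100;ARGS:/^extra_[0-9]+$/"

# 3) Static alternative: unconditional (applies on every URI), so use it only
#    when the field name is unique to this form. It must be placed AFTER the
#    CRS include (e.g. RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf), because it
#    edits rules that must already be defined at that point in the config.
SecRuleUpdateTargetById 942100 "!ARGS:message"
SecRuleUpdateTargetById 941100 "!ARGS:message"
```

After changing the configuration, run `apachectl configtest` and reload, then post a payload such as `' OR 1=1--` in the excluded field and confirm in the ModSecurity audit log that 942100 and 941100 no longer fire for it, while the same payload in a field that is not excluded is still scored or blocked. If the exclusion rule is included after the CRS files, the ctl: actions silently do nothing, so the second half of that check is what catches a mis-ordered include.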