we have several ModSecurity rules where the syntax <LocationMatch> is included.
Is there an alternative syntax for the Kemp WAF?

1 comment

Mark Deegan

hello Edv,

We get our rules from ModSecurity and I found the following information on these rules from here: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

Most of the ModSecurity directives can be used inside the various Apache Scope Directives such as VirtualHost, Location, LocationMatch, Directory, etc... There are others, however, that can only be used once in the main configuration file. This information is specified in the Scope sections below. The first version to use a given directive is given in the Version sections below.

These rules, along with the Core rules files, should be contained in files outside of the httpd.conf file and called up with Apache "Include" directives. This allows for easier updating/migration of the rules. If you create your own custom rules that you would like to use with the Core rules, you should create a file called - modsecurity_crs_15_customrules.conf and place it in the same directory as the Core rules files. By using this file name, your custom rules will be called up after the standard ModSecurity Core rules configuration file but before the other Core rules. This allows your rules to be evaluated first which can be useful if you need to implement specific "allow" rules or to correct any false positives in the Core rules as they are applied to your site.

Note : It is highly encouraged that you do not edit the Core rules files themselves but rather place all changes (such as SecRuleRemoveByID, etc...) in your custom rules file. This will allow for easier upgrading as newer Core rules are released.

Custom rules can be generated and this is our guide to custom rules: https://support.kemptechnologies.com/hc/en-us/articles/210399183-WAF-Rule-Writing-Guide