This plugin contains rule exclusions to fix false positives when using iRedMail's iRedAdmin with the OWASP Core Rule Set.
Disclaimer: The Pro version of iRedAdmin is not supported but Pull Requests/Issues are welcomed for iRedAdmin Pro users.
- CRS Version 4.0 or newer
- ModSecurity compatable Web Application Firewall
For full and up to date instructions on installing plugins, please refer to How to Install a Plugin in the official CRS documentation.
For full and up to date instructions on how to conditionally enable/disable this plugin on a multisite environment, please refer to Conditionally enable plugins for multi-application environments in the official CRS documentation.
The plugin can be disabled by uncommenting rule 9521000 inside plugins/iredadmin-rule-exclusions-config.conf or by removing the includes for this plugin.
If you find a false positive that this plugin does not cover then please open a new issue or pull request, if creating an issue then please include the following details:
- CRS Version
- ModSecurity/Coraza Version
- modsec audit logs
- what caused the false positive