I see many requests blocked in my modsec_audit.log
because of SQL injection rules applying to the JSESSIONID cookie.
I am trying to avoid those rules for that particular cookie name.
My last attempt was:
SecRuleUpdateTargetByTag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION" "!REQUEST_COOKIES:JSESSIONID"
It does not work. Am I missing something?
Your syntax looks correct.
Are you specifying this AFTER the SQL Injection rules are loaded into your config? Common mistake.
If not that, then I can only suggest you give more details. Including:
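
The load-order point raised in the reply, shown as an added example that is not part of the original thread: SecRuleUpdateTargetByTag only changes rules that are already loaded when the directive is parsed. The Include path is a placeholder assumption; substitute wherever the CRS rule files are actually loaded.

```apache
# Constructed example. /path/to/crs/rules/ is a placeholder, not a path from the thread.

# Order that has no effect: when the update directive is parsed, no rule
# tagged OWASP_CRS/WEB_ATTACK/SQL_INJECTION exists yet, so nothing is updated
# and the rules loaded afterwards still inspect the cookie.
#
#   SecRuleUpdateTargetByTag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION" "!REQUEST_COOKIES:JSESSIONID"
#   Include /path/to/crs/rules/*.conf

# Working order: load the rules first, then update their targets.
Include /path/to/crs/rules/*.conf

# Drops only the JSESSIONID cookie from the targets of the tagged rules;
# every other cookie and argument is still inspected for SQL injection.
SecRuleUpdateTargetByTag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION" "!REQUEST_COOKIES:JSESSIONID"
```

When the rules and the exclusion live in separate files, it is the order in which those files are included that decides which directive is parsed first.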