Tags: security, nginx, endpoint, owasp, mod-security

Modsecurity - Block request_uri but return code 200


I'm really new to modsecurity and I'm having some issues in understanding the rule editing.

I need to return 200 to the requests arriving from a specific endpoint that starts with /myendpoint/ but I still want to deny the endpoint to do anything else.

I've checked on the web but I cannot find a solution that works fine for me.

    # ModSec Rule Exclusion: 930100
    SecRule REQUEST_URI "@beginsWith \/myendpoint\/" "phase:2,log,block,status:200,id:10000,ctl:ruleRemoveById=930100"

The rule above doesn't look like it's working at all and the requests are still blocked but the status 200 is not returned.

I need this because I have integrated the endpoint with a Telegram bot, but if it receives a 403, the bot will keep sending the same message continuously for 24 hours. I think that returning 200 while still blocking the request from going further would solve the issue.


Solution

  • This is a very peculiar need. But anyways, Azurit has already pointed out the problem with the slashes. I think the other problem is the use of block. I'd do a deny combined with status. Much to my surprise, this works.

    SecRule REQUEST_URI "@beginsWith /myendpoint/" "id:1000,phase:1,deny,status:200"
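
A small lint for the two problems named in the answer (backslash-escaped slashes in the `@beginsWith` argument, which is a plain string match, and `status` used without `deny`), run over the two rules quoted on this page. This is an added example, not part of the original post; the parser, function names and finding strings are assumptions for illustration, and it handles single-line `SecRule` directives only. The `status` check follows the ModSecurity reference manual, which describes `status` as used with `deny` and `redirect`.

```python
import re

# Constructed input: the two rules quoted on this page, unchanged.
RULES = r'''
# ModSec Rule Exclusion: 930100
SecRule REQUEST_URI "@beginsWith \/myendpoint\/" "phase:2,log,block,status:200,id:10000,ctl:ruleRemoveById=930100"
SecRule REQUEST_URI "@beginsWith /myendpoint/" "id:1000,phase:1,deny,status:200"
'''

# Operators that compare the argument as a plain string, not as a regex.
LITERAL_OPS = {"@beginsWith", "@endsWith", "@contains", "@streq"}
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')   # quoted or bare token
ACTION = re.compile(r"(?:[^,']|'[^']*')+")         # commas inside '...' do not split


def parse_rule(line):
    """Return (operator, argument, {action: value}) for a single-line SecRule."""
    tokens = [m.group(2) or m.group(1) for m in TOKEN.finditer(line)]
    if len(tokens) != 4 or tokens[0] != "SecRule":
        raise ValueError("unsupported directive: " + line)
    op, _, arg = tokens[2].lstrip("!").partition(" ")
    actions = {}
    for item in ACTION.findall(tokens[3]):
        name, _, value = item.strip().partition(":")
        actions[name] = value
    return op, arg, actions


def lint(line):
    """Hypothetical lint: report the two problems named in the answer."""
    op, arg, actions = parse_rule(line)
    findings = []
    if op in LITERAL_OPS and "\\/" in arg:
        findings.append("escaped slash in literal match")
    if "status" in actions and not actions.keys() & {"deny", "redirect"}:
        findings.append("status without deny/redirect")
    return actions.get("id"), findings


def lint_rules(text):
    """Lint every SecRule line in text; returns {rule id: [findings]}."""
    lines = (l.strip() for l in text.splitlines())
    return dict(lint(l) for l in lines if l.startswith("SecRule"))


if __name__ == "__main__":
    for rule_id, findings in lint_rules(RULES).items():
        print(rule_id, findings or "ok")
```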