I’m really new to ModSecurity and I’m having some issues in understanding the rule editing.
I need to return 200 to the requests arriving from a specific endpoint that starts with /myendpoint/
but I still want to deny the endpoint to do anything else.
I’ve checked on the web but I cannot find a solution that works fine for me.
```
# ModSec Rule Exclusion: 930100
SecRule REQUEST_URI "@beginsWith /myendpoint/" "phase:2,log,block,status:200,id:10000,ctl:ruleRemoveById=930100"
```
The rule above doesn’t look like it’s working at all and the requests are still blocked but the status 200 is not returned.
I need this because I have integrated the endpoint to a Telegram bot but if it receives a 403, the bot will keep sending the same message continuously for 24 hours.
I think that returning 200 while still blocking the request from going further would solve the issue.
2 Answers
Just to be clear: You want to block the request but still return HTTP code 200?
Btw, do NOT escape URI:
```
"@beginsWith /myendpoint/"
```
This is a very peculiar need. But anyways, Azurit has already pointed out the problem with the slashes. I think the other problem is the use of `block`. I’d do a `deny` combined with status. Much to my surprise, this works.
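
The rule from the question next to the form the second answer describes, written out as an added example; it is not configuration posted by the asker or by either answerer. It assumes the file is loaded before the CRS rule files, and the `msg` text is made up for illustration.

```apache
# Added example. Assumption: this file is included before the CRS rules,
# so this rule is evaluated ahead of any CRS phase 2 rule that would
# answer with 403.

# As posted in the question (kept for comparison, commented out).
# `block` has no behaviour of its own: it performs the disruptive action
# defined by the preceding SecDefaultAction.
#SecRule REQUEST_URI "@beginsWith /myendpoint/" \
#    "phase:2,log,block,status:200,id:10000,ctl:ruleRemoveById=930100"

# As suggested in the second answer: an explicit `deny` combined with
# `status`. The URI is written unescaped, as the first answer points out.
# `deny` stops rule processing and intercepts the transaction, so the
# ctl:ruleRemoveById=930100 action is left out here: no later rule runs
# for a request that matches.
SecRule REQUEST_URI "@beginsWith /myendpoint/" \
    "id:10000,\
    phase:2,\
    deny,\
    status:200,\
    log,\
    msg:'Request to /myendpoint/ intercepted, 200 returned to caller'"
```

Because `log` is kept, each intercepted request still appears in the error and audit logs even though the client sees a 200.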