protecting Z-push with modsecurity-apache (Debian)

Hi.

I’m running WebApp & Z-Push on the same Apache2 server. While default recommended modsecurity (intrusion detection) config works flawlessly with WebApp, it blocks all Z-Push active-sync access. :(
If i disable modsecurity, it’s also disabled for WebApp.

Does anybody have any template or solution for modsecurity to allow Z-Push active-sync access?

Thanks in advance for any tips or hints (maybe config template…)…

Hi mapo,

maybe the discussion from this thread will be helpful: https://owasp-modsecurity-core-rule-set.owasp.narkive.com/2l5j9W9y/allowing-z-push

Manfred

More than helpful… THANX! (I DID search, but the link you sent didn’t show up…).
It can be tricky to pinpoint the proper configuration on very custom systems…
Well, thanx again. (I own you a beer ;))

Hi mapo,

glad to here you could solve your issue.

Manfred