Can Sensitivity for OWASP ModSecurity Core Rule Set applied conditionally based on Managed Firewall Rule

My question is about best handling of the false positive for OWASP ModSecurity Core Rule Set

Rule ID: OWASP Block (981176)
Rule message: Inbound Anomaly Score Exceeded
Rule group: OWASP Inbound Blocking
OWASP Score: 25
Action taken: Block

We have WAF enabled and we have Package: OWASP ModSecurity Core Rule Set On with High to Block.

We have also firewall for the 3d party partners set currently to Allow.

Some of their requests do trigger false positive on the OWASP Block (981176)

I have looked at:

From that I think my plan B would to set Firewall Rule to BYPASS, but …
My Plan C would be to lower the sensitivity of OWASP ModSecurity Core Rule Set

Plan A: It would great if I can lower the sensitivity of the OWASP ModSecurity Core Rule Set for any requests that matched the Firewall Rule. This way for partners I still have the OWASP on lower level and I have OWASP for the rest requests on the same level.
Does anyone know if it is possible?

2nd part of the question if anyone has better suggestion on desirability of plans A, B and C I got above. Perhaps I am misjudging desirability of approaches listed in OWASP Block (981176)

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.