SecAction "id:10102,phase:1,drop,nolog,noauditlog" does logging

30 views
Skip to first unread message

DI Hans Mayer

unread,
Nov 6, 2024, 2:46:47 PM11/6/24
to ModSecurity Core Rule Set project


Dear All,

I hope it's OK to post some questions in this group. If not be so kind and advise me what is the right place for communication. 

I am using Apache/2.4.62 on Debian with the modsecurity-crs package which is Producer ModSecurity for Apache/2.9.7
and I am using a clone of https://github.com/coreruleset/coreruleset.git

In the default Apache virtual host definition I have the following settings:

    <IfModule security2_module>
        SecAction "id:10102,phase:1,drop,nolog,noauditlog"
    </IfModule>

This works fine till Rule Set OWASP_CRS/3.3.7
All requests are dropped and no log is generated. Also older versions than 3.3.7 are doing the job well.

Recently I changed to OWASP_CRS/4.9.0-dev
I realised that this rule isn't working as before. It still drops the requests but "nolog" or "noauditlog" isn't working, so to say, I get log entries which I don't want to have. I checked out version 4.0, it's still the same.
To switch back to latest version of 3 is an easy and fast step but maybe there is a way to do the same with version 4.
Any ideas where I can look deeper into this issue ?  Any help would be appreciated.

Kind regards
Hans

-- 


Reply all
Reply to author
Forward
0 new messages