SecAction "id:10102,phase:1,drop,nolog,noauditlog" does logging
30 views
Skip to first unread message
DI Hans Mayer
unread,
Nov 6, 2024, 2:46:47 PM11/6/24
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ModSecurity Core Rule Set project
Dear All,
I hope it's OK to post some questions in this group. If not be so kind and advise me what is the right place for communication.
I am using Apache/2.4.62 on Debian with the modsecurity-crs package
which is Producer ModSecurity for Apache/2.9.7
and I am using a clone of https://github.com/coreruleset/coreruleset.git
In the default Apache virtual host definition I have the following
settings:
This works fine till Rule Set OWASP_CRS/3.3.7
All requests are dropped and no log is generated. Also older versions
than 3.3.7 are doing the job well.
Recently I changed to OWASP_CRS/4.9.0-dev
I realised that this rule isn't working as before. It still drops the
requests but "nolog" or "noauditlog" isn't working, so to say, I get log
entries which I don't want to have. I checked out version 4.0, it's
still the same.
To switch back to latest version of 3 is an easy and fast step but maybe
there is a way to do the same with version 4.
Any ideas where I can look deeper into this issue ? Any help would be
appreciated.