|
|
|
Re: secRuleRemoveById not working: msg#00133apache.mod-security.user
>From Dan: > Hi im trying to pass this rule through , to ignore url encoding for this > script however it still gets caught in the audit log. It also seems all > the default rules downloaded i have to change to auditlog instead of log > to log to the modsec audit log rather than apache error log. > <LocationMatch "/path/script.php"> > SecRuleRemoveById 50107 > </LocationMatch> Rule 50107 executes in phase 1. Apache Location and LocationMatch tag are not evaluated yet during this phase, so you cannot use it to bypass this rule. Currently your base choice is to move rule 50107 to phase 2. Actually I think that in future releases of the rule set I may delay most rules to phase 2 for that reason until we find a way to use Location in phase 1. As for logs: the rule set by default output events to both Apache error log and ModSecurity audit log. The ModSecurity console uses the audit log, which is also has more details, but different SIM solutions work out of the box with Apache error log. I would love to hear more input on that. ~ Ofer ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [solved] erratic http error code: 00133, Felix Nawroth |
|---|---|
| Next by Date: | Re: [solved] erratic http error code: 00133, Ivan Ristic |
| Previous by Thread: | secRuleRemoveById not workingi: 00133, Dan Rossi |
| Next by Thread: | Re: secRuleRemoveById not working: 00133, Dan Rossi |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
|
|
| News | FAQ | advertise |