Re: secRuleRemoveById not working

Ofer Shezaf wrote:
>
> Rule 50107 executes in phase 1. Apache Location and LocationMatch tag
> are not evaluated yet during this phase, so you cannot use it to bypass
> this rule. Currently your base choice is to move rule 50107 to phase 2.
>
> Actually I think that in future releases of the rule set I may delay
> most rules to phase 2 for that reason until we find a way to use
> Location in phase 1.
>
> As for logs: the rule set by default output events to both Apache error
> log and ModSecurity audit log. The ModSecurity console uses the audit
> log, which is also has more details, but different SIM solutions work
> out of the box with Apache error log. I would love to hear more input on
> that.
>
> ~ Ofer
>
>   

Hi thanks for the input i may move the rules i need to override to 
phase2 then easy. I would prefer if everything was logged to audit log, 
if you are talking about the default action, its set to log, so im 
assuming apache log, i have to put explicitly auditlog for it to log to 
the auditlog. My next complication is trying to get mod unique id 
installed into one of the servers, mod sec doesnt seem to want to load 
without it.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV