Thank you for answer but i would find quite useful also to audit whatever reaches my web application (without involving the apps developers).

On Mon, Feb 25, 2008 at 5:36 PM, Brian Rectanus <Brian.Rectanus@breach.com> wrote:
As you have seen, ModSecurity audits the initial request (ie what came
from the browser).  This is by design so that you can have the "real"
request in the audit log.

-B

China wrote:
> Hi,
> I've an Apache 2.1.6 web server with mod_rewrite and mod_security 2.1.3.
> I would log in the AuditLog the request URL after the rewrite action,
> but I can log only the URL send to Apache from web browser.
> I've tried with mod_rewrite "PT" flag, changing the modules order in
> Apache configuration file, setting up a SecRule to log in phase 5, but
> the behaviour doesn't change.
>
> How can I obtain the intentional behaviour?
> Thanks in advance.
>
> --
>
> Davide Belloni
>
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users


--
Brian Rectanus
Breach Security



--

Davide Belloni