On Fri, Aug 27, 2010 at 10:40 PM, tom <tom@t0mb.net> wrote:
Hi Ryan,

Thanks for getting back to me so soon.  I'm quite happy to keep the rule
simple for the moment, and really did just want to know why it wasn't
working.  I do have more complex rules in the armory so to speak, and
will probably do more with mod_sec, which I'm just dipping my toes in to
at the moment :)  I can see from the rule that you posted that I was
just missing the beginning and end of line specifiers ^$, so that's
fixed my rule so that it's matching the things I want it to match now,
so thanks for that!  It still seems to let requests through though,

Hi Tom,

Does ModSec let all requests that match through or just intermittent ones? Did you try increasing the SecDebugLogLevel to clarify what is happening? Also silly question, but is SecRuleEngine set to On?

 - Josh