The debug log is you friend here. Crank the SecDebugLogLevel to 9 and see what is going on. The debug log should show you all macro expansions and values used.

-----Original Message-----
From: John Wigley []
Received: 11/22/09 9:48 PM
To: []
Subject: [mod-security-users] LT operator seems to fail to correctly compare two variables

I've been trying to diagnose some epoch time comparison rules which are failing to fire as expected, and in the process of debugging I've hit upon what seems to be a bug in the numeric operators. This seems hard to believe, but I cannot identify why the first rule fires as expected but the 2nd does not.
Can anyone shed any ideas on what I'm doing wrong on this ? Build is 2.5.11 Win32 from ApacheLounge.
#set the variable(s) up first
SecAction "pass,phase:1,setvar:tx.tokexp=10"
#This rule should obviously fire, and does so
SecRule TX:tokexp "@lt 20" "phase:1,deny,t:none"
# Then try it the way I need it to work by comparing two variables rather than the previous example of comparing a variable to a constant
SecAction "pass,phase:1,setvar:tx.timeepoch=20"
#This rule should also fire, and does NOT
SecRule TX:tokexp "@lt %{tx.timeepoch}" "phase:1,deny,t:none"
These rules aren't actually what I'm trying get to work because they're obviously pointless, but they illustrate the problem I'm having.
Thanks for any inspiration,