Hi Nico.

Im not too pretty sure of how to do it but you can search in your mod_security audit/debug logs for the uniq_id and you will be able to find the mod_security rule number. With that info you could disable that rule on the mod_security rules.

Ill hope this will help you.

Regards,


2013/6/28 Nico Hulkenberg <nicohulk@india.com>

Team now i am getting constantly these error msgs updated in both error log and modsec, where in wanted to avoid it appending in all and restrict it to assigned file alone.

This kind of update is confusing me to look for apache related error logs

Example apache error log

[Fri Jun 28 10:55:21 2013] [error] [client 103.21.76.34] ModSecurity: Phase 5 [hostname "www.mydomain.com"] [uri "/index.php/network_routes"] [unique_id "Uc0eQcCoErUAAG31O80AAAAu"]
[Fri Jun 28 10:55:21 2013] [error] [client 182.72.66.10] ModSecurity: Phase 5 [hostname "www.mydomain.com"] [uri "/index.php/network_routes"] [unique_id "Uc0eQcCoErUAAGLazXwAAAAW"]
[Fri Jun 28 10:55:21 2013] [error] [client 115.114.52.1] ModSecurity: Phase 5 [hostname "www.mydomain.com"] [uri "/apx/mmtx/server.php"] [unique_id "Uc0eQcCoErUAAGJDZu4AAABf"]

Modsec version : 2.7

apache 2.2.3

Enviornment : Linux 2.6.32

Also wanted to completely switch off the mlogc, could that be possible.

Nic


------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/