Hi Daniele,

What rules are you running? If your running the OWASP Core Rule Set, try configuring the rules to use anomaly scoring mode.

Hello Josh.
Thanks for your reply.
I'm new to modsecurity, but I've installed:

ii  modsecurity-crs                      2.2.0-1                           modsecurity's Core Rule Set

 
So I think that I'm using CRS.

I've read about anomaly scoring mode, but I think that my configuration is correct yet; into

/etc/modsecurity/modsecurity_crs_10_setup.conf 


I have

SecDefaultAction "phase:2,pass,nolog,noauditlog"


Thanks

Daniele


--
 - Josh
 
I've read many posts, I've tried different configurations, with no results.
My conf now is:

SecAuditEngine RelevantOnly

SecAuditLogRelevantStatus "^(?:5|4(?!04))"

SecAuditLogParts ABIDEFGHZ#SecAuditLogParts ABIJDEFHZ

SecDefaultAction "nolog,noauditlog,pass,phase:2"

SecAuditLogType Concurrent

SecAuditLogStorageDir /var/log/apache2/mlogc/data

SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"


Into waf-fle I can see all transactions.

My modsecurity version is:


ii  libapache2-modsecurity               2.6.3-1ubuntu0.2                  Tighten web applications security for Apache


I've tried to install 2.7 version from source, with no luck.


Any suggestion will be appreciated.


Daniele Gallarato
______________________________________________________
Gli animali sono miei amici...e io non mangio i miei amici.

-- George Bernard Shaw

-- http://www.saicosamangi.info/ --

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/



------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/