Hi, I would like help of you.

I am having a problem with a RFI attack.

If I have a link like this "http://192.168.1.102/file.php?arg=http://192.168.1.101/index.html" in a request, the ModSecurity detects the attack.

But, if I have a link like this "http://192.168.1.102/file.php?arg=http://www.valid-domain.com/index.html" in a request, the ModSecurity don't detects the attack.

Does anyone know what might be happening?

Best Regards.