Hello Domas,

Looks like SecRuleEngine is ON right ?
Could you also try change your rule to phase 1 ?

Thanks

Breno

On Thu, Jan 17, 2013 at 4:29 PM, Domas <domas@stats.lt> wrote:
Hello,

I have installed:

Apache 2.2 + suexec (libxml2, etc.)
Mod_security 2.6
Mod_fcgid
I am using APACHE with newest hybrid EVENT MPM. I think it can be related to the problem.

Here is the problem:

Mod_security detects a threat, but do not blocks. Here is a message from audit log:

Message: Access denied with code 403 (phase 4). Pattern match "asdasdasd" at REQUEST_URI. [file "/usr/local/etc/apache22/httpd.conf"] [line "533"] [msg "Access Denied"]
Action: Intercepted (phase 4)
It looks like the client was blocked with exit code 403 - BUT IT WAS NOT!

I tried requesting .html file, for example url with MY MATCH KEYWORD /asdasdasd.html - mod_security has blocked the url as it supposed.

So mod_security does not work with .php files only.

Do you know how to solve the problem ?

Thanks,
Domas


------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/