Solved. Thanks David Naraghi for your help
ModSecurity error logs on Windows can be found in Event Viewer -> Application Logs.
It was a “No action id present within the rule” error.
I’m trying to use SecAction in my custom rules file. Whenever I place even the most basic SecAction command in my config it breaks so I don’t think it has to do with my syntax. I’ve copy and pasted rules from the documentation to see if they would work and they don’t. Does IIS log when modsecurity experiences a syntax error?
The rule I would like to use:
SecRule "ChartImage" "@contains ChartImage" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"
These work perfectly:
SecRuleUpdateTargetById 981173 !ARGS:txtUserName_ClientState