Solved. Thanks David Naraghi for your help


ModSecurity error logs on Windows can be found in Event Viewer -> Application Logs.


It was a  “No action id present within the rule” error.




From: Weiss, Michael C []
Sent: Tuesday, June 03, 2014 12:54 PM
To: ''
Subject: [mod-security-users] SecAction breaks custom config file


Version: ModSecurityIIS_2.8.0-64b



I’m trying to use SecAction in my custom rules file. Whenever I place even the most basic SecAction command in my config it breaks so I don’t think it has to do with my syntax. I’ve copy and pasted rules from the documentation to see if they would work and they don’t. Does IIS log when modsecurity experiences a syntax error?


The rule I would like to use:

SecRule "ChartImage" "@contains ChartImage" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"


These work perfectly:

SecRuleRemoveById 973347

SecRuleUpdateTargetById 981173 !ARGS:txtUserName_ClientState