Solved. Thanks David Naraghi for your help

 

ModSecurity error logs on Windows can be found in Event Viewer -> Application Logs.

 

It was a  “No action id present within the rule” error.

 

 

 

From: Weiss, Michael C [mailto:Michael.Weiss2@VerizonWireless.com]
Sent: Tuesday, June 03, 2014 12:54 PM
To: 'mod-security-users@lists.sourceforge.net'
Subject: [mod-security-users] SecAction breaks custom config file

 

Version: ModSecurityIIS_2.8.0-64b

 

Problem:

I’m trying to use SecAction in my custom rules file. Whenever I place even the most basic SecAction command in my config it breaks so I don’t think it has to do with my syntax. I’ve copy and pasted rules from the documentation to see if they would work and they don’t. Does IIS log when modsecurity experiences a syntax error?

 

The rule I would like to use:

SecRule "ChartImage" "@contains ChartImage" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981173"

 

These work perfectly:

SecRuleRemoveById 973347

SecRuleUpdateTargetById 981173 !ARGS:txtUserName_ClientState

 

 

 

Thanks,

Mike