Re: [mod-security-users] mod_security 2.5.6 and logging
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <bri...@br...> - 2008-09-01 00:03:22
|
Looks like you have performance measurements on? See ./configure --help and don't specify that --with option as it is for internal testing of rule performance. -B ----- Original Message ----- From: mod...@li... <mod...@li...> To: mod...@li... <mod...@li...> Sent: Sun Aug 31 19:46:55 2008 Subject: [mod-security-users] mod_security 2.5.6 and logging Hello list, is there a possibility to completely turn of logging in mod_security 2.5.6? I mean even the one appearing in the Apache error log? I have the following configuration: ----- SecRuleEngine On SecRequestBodyAccess Off SecResponseBodyAccess Off SecResponseBodyMimeType (null) text/html text/plain text/xml SecResponseBodyLimit 524288 SecDefaultAction "phase:2,allow,nolog,noauditlog,ctl:ruleEngine=Off,ctl:auditEngine=Off,t:lowercase,t:replaceNulls,t:compressWhitespace" SecComponentSignature "core ruleset/1.6.1" SecUploadDir /tmp SecUploadKeepFiles Off SecAuditEngine Off SecAuditLogRelevantStatus "^(?:999)" SecAuditLogType Serial SecAuditLog /var/log/apache2/modsec_audit.log SecAuditLogParts "ABIFHKZ" SecArgumentSeparator "&" SecCookieFormat 0 SecRequestBodyInMemoryLimit 131072 SecDebugLog /var/log/apache2/modsec_debug.log SecDebugLogLevel 0 SecDataDir /tmp SecTmpDir /tmp ----- I added the code below into a <VirtualHost></VirtualHost>: ---- <IfDefine SECURITY> SecRuleInheritance Off SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecDefaultAction "phase:1,allow,nolog,noauditlog,ctl:ruleEngine=Off,ctl:auditEngine=Off" SecRule REMOTE_ADDR "@rbl us.countries.nerd.dk" "phase:1,nolog,noauditlog,redirect:http://www.mynewdomain.com/us/" SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,nolog,noauditlog,redirect:http://www.mynewdomain.com/us/" SecRule GEO:COUNTRY_CODE "@streq US" </IfDefine> ---- But I still get my Apache error log flooded with the following messages: ---- [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Phase 1: 205 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfa9ea0 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "70"]: 97 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfaa980 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "71"]: 105 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfab2d0 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "72"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfaf830 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "74"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb0150 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "75"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb07d0 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "77"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb21f8 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "78"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb2878 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "80"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Rule 1cfb3198 [id "-"][file "/etc/apache2/vhosts.d/10_my_vhost.conf"][line "81"]: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] [Mon Sep 01 01:43:25 2008] [error] [client xx.xxx.xxx.xxx] ModSecurity: Phase 5: 0 usec [hostname "www.myolddomain.com"] [uri "/index2.html"] [unique_id "SLssm8CoAPkAACZfHLsAAAAB"] ---- How can I prevent mod_security to write those 11 lines for every request? // Steve -- Psssst! Schon das coole Video vom GMX MultiMessenger gesehen? Der Eine für Alle: http://www.gmx.net/de/go/messenger03 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users |