[mod-security-users] No logging after update, and denying for nothing
Brought to you by:
victorhora,
zimmerletw
From: Carlos A. <can...@gm...> - 2011-06-02 18:51:40
|
Hi ppl, Maybe someone can help me here? I've a server with CentOS 5.4 with modsec 2.5.9 (epel), and today I've updated it to 2.5.12-1 (epel). After changing "modsecurity_crs_10_config.conf" (these new .conf file have a LOT of changes) , line: #SecDefaultAction "phase:2,pass" to SecDefaultAction "phase:2,log,deny" Apache/ModSec is denying ALL my requests: "Forbidden You don't have permission to access / on this server." And I modsec doesnt give me any clues of what is happening. It dont log anything on error_log of my virtualhosts, nor on error_log, or modsec_debug.log.... If I put back "pass", it work, and DONT log any 'notice' or higher level alert to justify this denying. Anyone have any clue? Thanks! |