Hi,

 

I am running mod_security on an Apache webserver. I've configured a IP whiteliste for some internal

users, that I want to be unfiltered- which is working as expected.

 

Problem is, when an internal user causes a HTTP 401 (Authorization Required) or HTTP 400 (Bad Request)

these requests still show up in the Audit log as "Apache-Error":

 

--c9db3f2a-H--

Apache-Error: [file "mod_auth_basic.c"] [line 257] [level 3] user xyz: authentication failure for "/zyx/foobar": Password Mismatch

Stopwatch: 1382537523511498 1212 (- - -)

Stopwatch2: 1382537523511498 1212; combined=308, p1=149, p2=0, p3=1, p4=69, p5=56, sr=57, sw=33, l=0, gc=0

Response-Body-Transformed: Dechunked

Producer: ModSecurity for Apache/2.7.4 (http://www.modsecurity.org/)

Server: Apache

Engine-Mode: "ENABLED"

 

I've set up the whitelist rule with "nolog" action, but still these are getting logged. Is there a way to

avoid this?

 

 

Thanks

Winfried