I'm having a problem with the following rule:
SecFilter "/bin/davetest" "exec:/usr/local/mod_sec/report-attack.sh"
where the contents of /usr/local/mod_sec/report-attack.sh are
$data = ob_get_contents();//save it in a variable for later use
echo "Done! \n";
$file = "/tmp/davetest.txt";
$open = @fopen($file, "w");
The file will execute from the command line, and it looks like it's processed in the audit log:
mod_security-message: Access denied with code 403. Pattern match "/bin/davetest" at REQUEST_URI [severity "EMERGENCY"]
But I never get an email and the file is never written. Am I doing something wrong?
php version 4.4.0
Thanks for any help