Hi.

Like this example http://www.modsecurity.org/blog/archives/2008/01/modsecurity_25.html

I guess you could pass and log with:

# Default set in the local config
SecDefaultAction "phase:2,pass,log,auditlog"

Kind regards,


2014-01-31 rewt rewt <rewt@linux-elite.org>:
Dear All,

I am trying to setup a "honeypot" like using modsecurity and iptables.
I am now able to live redirect connection (DNAT) of an attacker to an internal VHOST...
Now i would like to be able to log all trafic GET/POST to that VHOST.

is there a way to let everything pass for that VHOST but capure all in Audit logs  ?



------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends.  Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/