On Fri, Oct 25, 2013 at 10:04 AM, Winfried Neessen <neessen@cleverbridge.com> wrote:

Wouldn't changing the SecAuditLogRelevantStatus to your example, prevent
ModSec from
logging any 401 event to the audit log, even if I send it to the user using
"deny,status:401,log"?

If not, that's exactly what I'm looking for.


Hi Winfried,

I just tested this setup and ModSec logged the event that matched the following rule:
SecRule ARGS "test" "id:2,phase:2,deny,status:401,log"

--
 - Josh
 

Thanks
Winfried

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.1.107.3564 - http://www.gpg4o.de/
Charset: utf-8

iQGcBAEBAgAGBQJSahgBAAoJEHA9PkTtvSL4nTYMAIayN/gH30ZsZr8rLL2FmfmD
IeO31Ev0X5Ibuf0HLvof+5zATDTkMzRj98HSv/sIeJiw/bGT9n224UkEcVR6MZ5N
jvU53TCYe6GGzslAHBAzytL0PcI+DRghNAQ0/mAJyiynjO7km50zJ47isk0N2edE
6SfHtChpTGB41W1tjfs5J5T3A2NcFaDlwdLOOfUOORx6Y59in80SZv8r8d1q8RyW
2oHlv4jiTUxg3CektFUDt6KHXCvE4kQG/i35jxPHQ4umc3kABiClHadxN/p9LEQM
VufTE+Rgzyd4CzIuvbCA7UFjCRT9eKoigy+HffEk7yjMGqiAePLhFKB7NvlqJ7R7
rufQ6E+1Enz6cI6OzSwFNv1p+NGSVKl3q74DkrEapeJnXl0ZCauNx4zX4XEU7zIH
dmot4jZ6fgsG+NGRMue288P164944KYum+kr8ZFOtaJBQx6cpgJX+9F24Q13Q0Nl
pi8kVw83LFlFF6ceQOkweYCBi2tDQavnjB5oJqMSYw==
=/1Jp
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/