Re: [mod-security-users] selectively disable logging or auditing
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <RBa...@tr...> - 2011-09-16 00:46:26
|
Check out the FAQ - http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=FAQ#How_do_I_whitelist_an_IP_address_so_it_can_pass_through_ModSecurity.3F Look at the last example where it uses the ctl:auditEngine=Off action. Just update the rule to check the URL you want instead of an IP address. Ryan On Sep 15, 2011, at 7:20 PM, "Frantisek Hanzlik" <fr...@ha...> wrote: > First, please excuse for probably beginners question. > Recently I start using mod_security on small server, where Apache > on gateway is used mainly for webmail a some internal demands > (eg. downloading files). > > What I now see, modsec_audit.log files are quite big (several hunderts > megabytes per month), and 95% of their size are about logging requests > to access Web Proxy autoconfiguration file ("GET /wpad.dat"). Because > I probably not need log this access, i would like implement something > to suppress mod_security auditing or logging this. When more concretize > problem: > Is somehow possible disable auditing and/or logging "GET /wpad.dat" > and "GET /wpad.da" requests comming from 192.168.0.0/22 network? > > I was trying some attempts to solve this, but, due to complexity > mod_security rules, still without success. > My system is Fedora 12 i686 Linux with mod_security-2.5.12 > > Thanks in advance, Franta Hanzlik > > ------------------------------------------------------------------------------ > BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA > http://p.sf.net/sfu/rim-devcon-copy2 > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/application-security.php > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |