Saverio,
I have occasionally (once) seen such weird behavior when unexpected PCRE errors arise. Can you check your error log and see if anything is firing during this time frame? To quell your fears, DetectionOnly mode is not supposed to block ANYTHING.
Chaim Sanders
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com
From: Saverio [mailto:smi...@ti...]
Sent: Thursday, March 26, 2015 11:43 AM
To: mod...@li...
Subject: [mod-security-users] Traffic affected in spite of SecRuleEngine DetectionOnly
Hello,
I've recently set up ModSecurity, as an Nginx (1.6.2) module, with the pretty much standard configuration (modsecurity.conf-recommended and OWASP modsecurity_crs_10_setup.conf.example).
I wanted to set it up only for detection; I've checked the built configuration file, and it contains "SecRuleEngine DetectionOnly", which, as far as I understand, should cause ModSecurity to inspect the traffic, but not interfere with it.
Unexpectedly (to me), this caused 404s on some requests. Is this actually expected? Is there anything else I should configure in order to be completely sure that the traffic is not affected in any way?
Thanks,
Saverio