Re: [mod-security-users] Selective "DetectionOnly"

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Fri, 2017-12-22 at 18:07 +0100, Christian Folini wrote:

Hey Ed,

The way I write the whitelisting rules I use in production is that I separate
the rules from the action. That way I can switch the action lever (detection /
blocking) with a single config item.

I do not see any conceptual problem to use multiple variables to track
violations. One for the final blocking action and one for the final log-only
action.

Best,

Christian

Christian, could you post an example of this?

Thanks,

--

Ed Greenberg  |  Web Developer and LInux System Administrator
________________________________
HAPPY Software, Inc. l  Work HAPPY-er!
t. 888-484-2779  l  f. 518-584-5388

This message and any of its attachments are intended only for the use of the designated recipient, or the recipient’s designee, and may contain information that is confidential or privileged. If you are not the intended recipient, please immediately notify HAPPY Software, Inc., delete all copies of the message and any attachments and do not disseminate or make any use of their contents.