Re: [mod-security-users] Modsec_audit.log contains regular 403-Errors

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Peter,

On Mon, Jun 17, 2019 at 03:03:27PM +0200, logo wrote:
> I see regular 403 denied messages in the modsec_audit-Log. Is there a way to
> prevent this?
> 

I think this is not the ModSecurity configuration issue,

> --d5087f62-F--
> HTTP/1.1 403 Forbidden
> Content-Length: 9
> Keep-Alive: timeout=5, max=100
> Connection: Keep-Alive
> Content-Type: text/html; charset=iso-8859-1

this part of audit log (F) means the answer from the webserver is 403

> --d5087f62-E--
> 
> --d5087f62-H--
> Apache-Error: [file "mod_authz_core.c"] [line 884] [level 3] AH01630: client
> denied by server configuration: /var/www/html/xxx/server-info

and this (H) showed the detail - your apache configuration is not
complete.

Enable the server-info in that virtualhost, and the error will
gone.

a.