Re: [mod-security-users] Modsec_audit.log contains regular 403-Errors

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

apparently something goes wrong with the reply to... so this is my 
answer to Ervin's and also Manuel's private responses.

No, it is not my apache config for the server-info-URI. I want it 
blocked for external IPs!

Best regards

Peter

Am 2019-06-17 16:24, schrieb logo:
> Hi Ervin,
> 
> that's the point, I've limited that access to server-info to internal
> IPs. External IPs will be blocked - as expected, but I don't need that
> in the audit-log.
> 
> Best regards
> 
> Peter
> 
> 
> Am 2019-06-17 16:05, schrieb Ervin Hegedüs:
>> Hi Peter,
>> 
>> On Mon, Jun 17, 2019 at 03:03:27PM +0200, logo wrote:
>>> I see regular 403 denied messages in the modsec_audit-Log. Is there a 
>>> way to
>>> prevent this?
>>> 
>> 
>> I think this is not the ModSecurity configuration issue,
>> 
>>> --d5087f62-F--
>>> HTTP/1.1 403 Forbidden
>>> Content-Length: 9
>>> Keep-Alive: timeout=5, max=100
>>> Connection: Keep-Alive
>>> Content-Type: text/html; charset=iso-8859-1
>> 
>> this part of audit log (F) means the answer from the webserver is 403
>> 
>>> --d5087f62-E--
>>> 
>>> --d5087f62-H--
>>> Apache-Error: [file "mod_authz_core.c"] [line 884] [level 3] AH01630: 
>>> client
>>> denied by server configuration: /var/www/html/xxx/server-info
>> 
>> and this (H) showed the detail - your apache configuration is not
>> complete.
>> 
>> Enable the server-info in that virtualhost, and the error will
>> gone.
>> 
>> 
>> a.