[Mod-security-rules] Changing AuditLogRelavantStatus in rule

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Is there a way to use a rule to change the regex for the Main config option:

SecAuditLogRelevantStatus "^(?:5|4(?!04))"

For instance, if I wanted to send 400 and 500 status codes to the audit log for all requests except those matching a certain IP address for which I wanted to catch only 500 codes:

SecRule REMOTE_ADDR "@ipMatch xxx.xxx.xxx.xxx" \
     "id:100,\
     phase:1,\
     pass,\
     nolog,\
     ctl:auditLogRelevantStatus=‘^5’”

Thanks for any help.