[Mod-security-rules] Changing AuditLogRelavantStatus in rule
Brought to you by:
victorhora,
zimmerletw
From: Steve H. <ham...@gm...> - 2020-04-29 14:14:41
|
Is there a way to use a rule to change the regex for the Main config option: SecAuditLogRelevantStatus "^(?:5|4(?!04))" For instance, if I wanted to send 400 and 500 status codes to the audit log for all requests except those matching a certain IP address for which I wanted to catch only 500 codes: SecRule REMOTE_ADDR "@ipMatch xxx.xxx.xxx.xxx" \ "id:100,\ phase:1,\ pass,\ nolog,\ ctl:auditLogRelevantStatus=‘^5’” Thanks for any help. |