Re: [mod-security-users] nolog rule still logs
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] nolog rule still logs
|
From: Ehsan M. <ehs...@gm...> - 2021-04-04 04:35:45
|
Hi try "id:1000,nolog,noauditlog,deny" On Sat, Apr 3, 2021 at 10:12 PM Bren via mod-security-users < mod...@li...> wrote: > Hello, > > I've been working to roll out ModSecurity on Nginx (OpenResty 1.19.3.1 / > nginx-1.19.3). I compiled the Nginx connector against the Debian 10 version > of libmodsecurity (v3.0.3, but this happens when using v3/master as well). > > Using the stock unmodified modsecurity.conf-recommended. I added this line > for haproxy health checks: > > SecRule REQUEST_FILENAME "/waf_health_check" "id:1000,nolog,deny" > > Even with nolog this rule still logs to the audit log and the Nginx error > log. I've tried every combo of options I could find to get this to stop > logging but for some reason it still gets logged. > > As far as I can tell from the docs, nolog should prevent this rule match > from appearing in any logs. I shouldn't need anything else but this. What > am I missing? > > Bren > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- regards Ehsan.Mahdavi PhD candidated for Computer Engineering by Isfahan University of Technology http://emahdavi.ece.iut.ac.ir/ |
