Re: [mod-security-users] nolog rule still logs
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] nolog rule still logs
|
From: Christian F. <chr...@ne...> - 2021-04-06 07:28:25
|
Hi Bren, This is all a bit complicated. Yet there is a chance this is logged in the audit log because the status is 403. That does not really explain the error log though. What engine version and which connector are you using? Best, Christian On Sat, Apr 03, 2021 at 05:38:27PM +0000, Bren via mod-security-users wrote: > Hello, > > I've been working to roll out ModSecurity on Nginx (OpenResty 1.19.3.1 / nginx-1.19.3). I compiled the Nginx connector against the Debian 10 version of libmodsecurity (v3.0.3, but this happens when using v3/master as well). > > Using the stock unmodified modsecurity.conf-recommended. I added this line for haproxy health checks: > > SecRule REQUEST_FILENAME "/waf_health_check" "id:1000,nolog,deny" > > Even with nolog this rule still logs to the audit log and the Nginx error log. I've tried every combo of options I could find to get this to stop logging but for some reason it still gets logged. > > As far as I can tell from the docs, nolog should prevent this rule match from appearing in any logs. I shouldn't need anything else but this. What am I missing? > > Bren > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
