Re: [mod-security-users] nolog rule still logs
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] nolog rule still logs
|
From: Bren <umu...@pr...> - 2021-04-06 19:25:18
|
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, April 3rd, 2021 at 12:38 PM, Bren via mod-security-users <mod...@li...> wrote: > Even with nolog this rule still logs to the audit log and the Nginx error log. So I think I know what's going on. This rule isn't actually being logged despite "nolog". I think it's the 403 itself that's being logged due to the default: SecAuditLogRelevantStatus "^(?:5|4(?!04))" If I set it to: SecAuditLogRelevantStatus "^(?:5|4(?!04|03))" It stops logging the 403s being generated by my health check rule. The comment on this rule says: "Log the transactions that are marked by a rule, as well as those that trigger a server error..." So I think this is working as designed since my rule is triggering a server error. If I set my rule to "log" it still logs the rule match as expected showing the 403 response. OWASP CRS rule matches still get logged as well so I think this change will work for me. Bren |
