Re: [mod-security-users] nolog rule still logs
From: Bren <umu...@pr...> - 2021-04-06 19:57:48
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, April 6th, 2021 at 2:38 PM, Christian Folini <chr...@ne...> wrote:

> However, this only accounts for the audit log and you said you also got error-log messages and I could not explain those.

Hmm yeah, I enabled the error log again and those 403s are still being logged there:

nginx: 2021/04/06 15:46:06 [error] 17236#17236: *3835 [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 1). Matched "Operator `Rx' with parameter `/waf_health_check' against variable `REQUEST_FILENAME' (Value: `/waf_health_check' ) [file "/etc/openresty/modsecurity/exclusions.conf"] [line "3"] [id "1000"] [rev ""] [msg ""] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "127.0.0.1"] [uri "/waf_health_check"] [unique_id "1617738366"] [ref "o0,17v5,17"], client: 127.0.0.1, server: , request: "HEAD /waf_health_check HTTP/1.1", host: "www.testhost.com"

Nothing is being logged to the audit log though so that's good. I'll continue to investigate.

Bren