[mod-security-users] Allow and Pass with logging issues

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I am trying to implement mod security initially to audit all POSTED
variables.

In order to do this, all I really need is a filter rule that matches the
POST request type, and logs, but allows the request.

I am having touble getting this simple setup running in Mod_security 1.7.1.

It seems that the auditing and logging works when I deny the requests, but I
cannot get anything to log with the 'pass', and 'allow' actions.

I am using apache 1.3.28, mod_security 1.7.1.

I have copied the rule off page 16 of the PDF manual:

----------------------------------------------------
pass
Allow request to continue on filter match. This action is useful when you
want to log a filter match
but otherwise do not want to take action.

SecFilter KEYWORD "pass,log"
----------------------------------------------------

However, I receive no logging at all!

When I turn on debug logging, it says it is passing the match off to the
audit engine, but I see nothing in the error_log of apache, or the audit_log
of mod security.

Can anyone else replicate this behaviour?

Many Thanks!