Re: [mod-security-users] Allow and Pass with logging issues
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iv...@we...> - 2003-10-28 14:58:57
|
Julian Frumar wrote: > I am trying to implement mod security initially to audit all POSTED > variables. > > > In order to do this, all I really need is a filter rule that matches the > POST request type, and logs, but allows the request. > > > I am having touble getting this simple setup running in Mod_security 1.7.1. > > It seems that the auditing and logging works when I deny the requests, but I > cannot get anything to log with the 'pass', and 'allow' actions. > > I am using apache 1.3.28, mod_security 1.7.1. > > I have copied the rule off page 16 of the PDF manual: > > ---------------------------------------------------- > pass > Allow request to continue on filter match. This action is useful when you > want to log a filter match > but otherwise do not want to take action. > > SecFilter KEYWORD "pass,log" > ---------------------------------------------------- > > However, I receive no logging at all! > > When I turn on debug logging, it says it is passing the match off to the > audit engine, but I see nothing in the error_log of apache, or the audit_log > of mod security. > > Can anyone else replicate this behaviour? I can. It is a bug. Since I am releasing 1.7.2 tonight the bug fix will be included with the new version. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |