Re: [mod-security-users] Bigger test fails but chained rule is recorded in audit_log

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dionysios G. Synodinos wrote:
> I use the following "big test":
> 
>    SecFilterSelective REMOTE_ADDR "!^148.101.211" chain
>    SecFilterSelective SCRIPT_FILENAME "(admin\.php|user\.php)$"
> 
> which restricts access to admin.php & user.php (*) from outside my LAN.
> 
> It seems that since the first filter matches for any other request from
> the internet, it is recorded in the audit_log, even if the "big test"
> doesn't match.
> 
> Is there a way to avoid this behaviour since it clutters my logs with
> unneccesary information..?

  I couldn't repeat your problem using the 1.8.x branch. Please
  download the 1.8RC1 version (just released) and try it out.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]