Re: [mod-security-users] http-version
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] http-version
|
From: Tom A. <tan...@oa...> - 2005-02-02 15:36:10
|
I have SecAuditEngine set to "RelevantOnly", but the log is getting filled up with "HTTP/1.0 200 OK" entries every three minutes from my web host checking the connection with "check_http/1.24.2.4 (nagios-plugins )". I don't have any rules that return 200... they all return 406. Why is it logging these? There are no mod_security headers attached. I tried to work around the problem by matching "check_http" in the user agent and giving it a "nolog,deny,status:200", but apparently the "status:200" overrules the deny directive as the page is still output, and apparently the "nolog" command doesn't apply to the audit log. Desired/expected behavior: 1) it shouldn't add any unmatched requests to the audit log when set to RelevantOnly 2) "deny" command with "status:200" should just return the 200 header without any data 3) "nolog" should apply to the audit log too Tom |
