Re: [mod-security-users] http-version
From: Ivan R. <iv...@we...> - 2005-02-02 17:12:55
> mod_security-1.7.6 (net-www/mod_security)
>
> This is the latest stable version in portage when using "emerge -s
> mod_security" or "emerge -uDp mod_security".

That's way too old, having been released in March 2004. The
1.8 is better in many, many ways. I can see here

http://www.gentoo-portage.com/net-www/mod_security

they have the 1.8.6 version (I don't know what "hard masked"
means, though).

Chances are your problems will go away when you upgrade. Or, if
they don't go away - I'll fix them.

>>> 1) it shouldn't add any unmatched requests to the audit log when set
>>> to RelevantOnly
>>
>> That depends. For example, I consider 414 responses to be relevant,
>> match or no match. 1.9 will have a conf. option to deal with that.
>
> The manual says that "Relevant requests are those requests that caused a
> filter match". I would agree with that description. A 414 should be
> logged to the Apache error log, but not the mod_security audit log.

That's why you'll get a conf. option to turn it off ;)

>>> 3) "nolog" should apply to the audit log too
>>
>>
>> I programmed it to apply to the audit log too. If it doesn't then
>> it's a bug.
>
>
> It's definitely not working in this version... I just changed my filter
> as follows:

I don't recall when I made that change. It could have been after
1.7.6. (But I see the code for that in the source now.)

--
Ivan Ristic (http://www.modsecurity.org)