[mod-security-users] How can I exclude Nagios check_http from mod_security

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hallo List

I am unable to exclude Nagios check_http User Agent from mod_security.

I have enabled the following rule:
    # Detect manual and crude automated requests.
    #
    SecFilterSelective HTTP_Host|HTTP_User-Agent|HTTP_Accept "^$"
"id:2,rev:1,severity:2,msg:'Empty HTTP Host, User-Agent or Accept)'"

And Nagios check_http is hitting that rule. So I wrote a rule before that
rule to exclude Nagios User Agent. But it does not work. This is the rule:
    # Nagios check_http
    SecFilterSelective HTTP_USER_AGENT
"check_http/[0-9\.]+[[:space:]]+\(nagios\-plugins[[:space:]]+[0-9\.]+\)$"
pass,nolog

I tried to shorten the rule to, but It still does not work:
    # Nagios check_http
    SecFilterSelective HTTP_USER_AGENT "^check_http.*$" pass,nolog

I tried as well to chain the rule, but that does as well not work:
    SecFilterSelective HTTP_USER_AGENT
"check_http/[0-9\.]+[[:space:]]+\(nagios\-plugins[[:space:]]+[0-9\.]+\)$"
chain
    SecFilterSelective HTTP_Accept "^$" pass,nolog

But I am still getting the following error:
==0a550566==============================
Request: abc.def.ghi.jkl abc.def.ghi.jkl - - [06/Mar/2006:22:49:26 +0100]
"GET / HTTP/1.0" 403 280 "-" "check_http/1.81 (nagios-plugins 1.4.2)" - "-"
----------------------------------------
GET / HTTP/1.0
User-Agent: check_http/1.81 (nagios-plugins 1.4.2)
Host: abc.def.ghi.jkl
mod_security-message: Access denied with code 403. Pattern match "^$" at
HEADER("Accept") [id "2"] [rev "1"] [msg "Empty HTTP Host, User-Agent or
Accept)"] [severity "2"]
mod_security-action: 403

HTTP/1.0 403 Forbidden
Content-Length: 280
Connection: close
Content-Type: text/html; charset=iso-8859-1
--0a550566--

What am I doing wrong?

-- 
Bis zu 70% Ihrer Onlinekosten sparen: GMX SmartSurfer!
Kostenlos downloaden: http://www.gmx.net/de/go/smartsurfer