[mod-security-users] Problem executing PHP script as filter action

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I'm having a problem with the following rule:

SecFilter "/bin/davetest" "exec:/usr/local/mod_sec/report-attack.sh"

where the contents of /usr/local/mod_sec/report-attack.sh are

#!/usr/local/bin/php -q
<?php
ob_start();
print_r($_SERVER);
$data =3D ob_get_contents();//save it in a variable for later use
ob_end_clean();//stop buffering

mail("db...@xx...","Environment Vars",$data);
echo "Done! \n";
$file =3D "/tmp/davetest.txt";
$open =3D @fopen($file, "w");
fwrite($open, $data);
fclose($open);

?>

The file will execute from the command line, and it looks like it's
processed in the audit log:

mod_security-message: Access denied with code 403. Pattern match
"/bin/davetest" at REQUEST_URI [severity "EMERGENCY"]
mod_security-action: 403
mod_security-executed: /usr/local/mod_sec/report-attack.sh

But I never get an email and the file is never written. Am I doing somethin=
g
wrong?

mod_security 1.9.3
apache 1.3.33
php version 4.4.0

Thanks for any help

David Brieck