Re: [mod-security-users] {Spam?} collecting 401 errors
Brought to you by:
victorhora,
zimmerletw
From: Ofer S. <OferS@Breach.com> - 2007-01-09 14:39:28
|
The correct regular expression if you want to also exclude 401 status codes is: =20 "^(?:5|4\d[^41])" =20 There is no simple "!" negation operator for regular expressions. The easier alternative is excluding digits using [^...] as done here. The (?!....) operator called "zero-width negative look-ahead assertion" is as complex to use as the name suggests. =20 A good way to both learn and test those regular expressions before using them in a ModSecurity installation is a regular expression test program such as The Regex Coach (http://weitz.de/regex-coach/ <http://weitz.de/regex-coach/> ) or Expresoo (http://www.codeproject.com/dotnet/Expresso.asp). =20 ~ Ofer =20 =20 =20 ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of Dan Rossi Sent: Monday, January 08, 2007 6:26 AM To: mod...@li... Subject: [mod-security-users] {Spam?} collecting 401 errors =20 Hi ive noticed that mod sec is collecting 401 errors, how is it possible to turn these off, the config is setup like so currently SecAuditLogRelevantStatus "^(?:5|4\d[^4])" would this prob work SecAuditLogRelevantStatus "^(?:5|4\d[^4]|!401)" ?=20 |