Re: [mod-security-users] that dummy thing again

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 8.6.2007, at 16:31, Ryan Barnett wrote:

> There is already a Core Rule for this issue in the protocol  
> anomalies file.  I would just update the RegEx to include your NIC  
> alias address.
>

Yes, it shows I might just need to do that. I was really trying to  
avoid touching the rule set files at all, because I will need them on  
several machines in embedded mode and want to keep the automated  
updates as clean as possible.

On a more general note - is there any way to make the warnings not  
show up in the error log? I do have "SecAuditEngine RelevantOnly" and  
thought a "nolog" action should prevent the match from appearing from  
both the error and audit logs? So this should not appear in the logs,  
or am I missing something?

SecRule REQUEST_URI "^/$" "chain,skip:4"
SecRule REMOTE_ADDR "^127\.0\.0\.1$" "chain"
SecRule REQUEST_HEADERS:User-Agent "^Apache.*\(internal dummy  
connection\)$" "t:none,nolog"

Filip