[ https://www.modsecurity.org/tracker/browse/MODSEC-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-188.
--------------------------------------
Resolution: Cannot Reproduce
Marc,
I'm closing this now to release the next release. If you have news about it, let me know and we can reopen.
Thanks
> Incorrect status code in phase 3/4
> ----------------------------------
>
> Key: MODSEC-188
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-188
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.5.12
> Environment: Windows + Linux
> Reporter: Marc Stern
> Assignee: Breno Silva Pinto
> Priority: High
> Fix For: 2.6.3
>
>
> In reverse proxy mode, blocking in phase 3/4 does not change the status and does not display the Apache error page.
> Ex: SecAction "phase:3,t:none,log,deny,status:500"
> This always returns the back-end status with an empty page, even if the debug log says it denies with 500.
> Debug log:
> - Rule 25a4890: SecAction "phase:3,status:500,auditlog,t:none,log,deny"
> - Transformation completed in 0 usec.
> - Executing operator "unconditionalMatch" with param "" against REQUEST_URI.
> - Target value: "/test/test.html"
> - Operator completed in 0 usec.
> - Rule returned 1.
> - Match, intercepted -> returning.
> - Access denied with code 500 (phase 3). Unconditional match in SecAction. [file "..."] [line "1"]
> - Initialising logging.
> - Starting phase LOGGING.
> - This phase consists of 0 rule(s).
> - Audit log: Logging this transaction.
> This is with version 2.5.12, on an almost empty config.
> I did not notice this problem with previous versions.