I am trying to implement mod security initially to audit all POSTED
variables.
In order to do this, all I really need is a filter rule that matches the
POST request type, and logs, but allows the request.
I am having trouble getting this simple setup running in Mod_security 1.7.1.
It seems that the auditing and logging works when I deny the requests, but I
cannot get anything to log with the 'pass' and 'allow' actions.
I am using apache 1.3.28, mod_security 1.7.1.
I have copied the rule off page 16 of the PDF manual:
----------------------------------------------------
pass
Allow request to continue on filter match. This action is useful when you
want to log a filter match
but otherwise do not want to take action.
SecFilter KEYWORD "pass,log"
----------------------------------------------------
However, I receive no logging at all!
When I turn on debug logging, it says it is passing the match off to the
audit engine, but I see nothing in the error_log of apache, or the audit_log
of mod security.
Can anyone else replicate this behaviour?
Many Thanks!