mod-security-users

[mod-security-users] Disable logging backend HTTP 403 mod_security

[Marcello L. <ce...@gm...>]

Hi All,
we have a simple reverse proxy and we installed mod_security to check the
incoming traffic but we noticed a lot of APIs 403 backend errors in the
audit_log but they were correct for the application side. Is it possible to
disable the print of the backend 403 and have only the mod_security blocks?

Thanks in advance,
Marcello

Re: [mod-security-users] Disable logging backend HTTP 403 mod_security

[Ervin H. <ai...@gm...>]

Hi Marcello,

On Mon, Apr 07, 2025 at 11:10:34AM +0200, Marcello Lorenzi wrote:
> Hi All,
> we have a simple reverse proxy and we installed mod_security to check the
> incoming traffic but we noticed a lot of APIs 403 backend errors in the
> audit_log but they were correct for the application side. Is it possible to
> disable the print of the backend 403 and have only the mod_security blocks?

sorry to say but unfortunately there is only one response code,
we can't distinguish it by its source.

What I think is to put an extra response header in the backend
side, and make a rule which checks that response header. If it
exists (with a specified value), then turn off the audit.log for
that transaction (ctl:auditLogEngine=Off). Or something
similar...


a.