[Owasp-modsecurity-core-rule-set] No rule-id in audit/error log with Nginx und MS3/CRS3
mase at partycrew-united.de
Thu Nov 24 15:19:50 UTC 2016
I've successfully compiled the latest source of ModSecurity,
ModSecurity-nginx and Nginx (community).
When I include CRS with default setup and open a test URL like:
I receive a 403 and a log in the audit log.
With apache (and CRS2) there was a line in the error log with the
complaining rule ID.
Now I'm wondering if I would hit a false positive, how to exclude the ID
when there's nothing logged?
Is this a bug of CRS, or MS3, or MS3 AND Nginx?
More information about the Owasp-modsecurity-core-rule-set