[Owasp-modsecurity-core-rule-set] No rule-id in audit/error log with Nginx and MS3/CRS3

Muenz, Michael mase at partycrew-united.de
Thu Nov 24 15:19:50 UTC 2016


Hey guys,


I've successfully compiled the latest source of ModSecurity, 
ModSecurity-nginx and Nginx (community).
When I include CRS with default setup and open a test URL like:

http://localhost/?s=../../../../../etc/passwd

I receive a 403 and a log in the audit log.
With Apache (and CRS2) there was a line in the error log with the 
complaining rule ID.

Now I'm wondering: if I hit a false positive, how do I exclude the ID 
when there's nothing logged?

Is this a bug in CRS, or MS3, or MS3 AND Nginx?

Thanks,
Michael