[Owasp-modsecurity-core-rule-set] No rule-id in audit/error log with Nginx und MS3/CRS3

Muenz, Michael mase at partycrew-united.de
Thu Nov 24 16:02:43 UTC 2016


Am 24.11.2016 um 16:59 schrieb Christian Folini:
>
> The interesting bit, the H part is empty.
>
> That is very odd. What is your SecAuditLogParts setting?
>
> Maybe you remove it for a test so it reverts to the default which should
> bring you the H audit log part.
>
> Ahoj,
>
> Christian
>
>
SecAuditLogParts ABIJDEFHZ

What I changed in crs-setup.conf was:

SecDefaultAction "phase:1,log,auditlog,deny,status:403"
SecDefaultAction "phase:2,log,auditlog,deny,status:403"

... instead of the default.


Thanks,

Michael




More information about the Owasp-modsecurity-core-rule-set mailing list