[Owasp-modsecurity-core-rule-set] No rule-id in audit/error log with Nginx and MS3/CRS3

Muenz, Michael mase at partycrew-united.de
Thu Nov 24 16:02:43 UTC 2016

On 24.11.2016 at 16:59, Christian Folini wrote:
> The interesting bit, the H part is empty.
> That is very odd. What is your SecAuditLogParts setting?
> Maybe you remove it for a test so it reverts to the default which should
> bring you the H audit log part.
> Ahoj,
> Christian

SecAuditLogParts ABIJDEFHZ

What I changed in crs-setup.conf was:

SecDefaultAction "phase:1,log,auditlog,deny,status:403"
SecDefaultAction "phase:2,log,auditlog,deny,status:403"

... instead of the default.


