Closed
Description
Not sure where this fits best, hence I post it as duplicate from owasp-modsecurity/ModSecurity#1568
I've setup ModSecurity 3 including the nginx connector. If I turn it on for testing with SecRuleEngine On - I get the audit log, and debug log, and blocking requests if rules match.
If I just use SecRuleEngine DetectionOnly I do not get any audit or error log.
Is this "as designed", or anything that needs to be turned on in addition? Even test rules do not trigger any logs, even with SecAuditEngine On.
[4] Initializing transaction
[4] Transaction context created.
[4] Starting phase CONNECTION. (SecRules 0)
[9] This phase consists of 0 rule(s).
[4] Starting phase URI. (SecRules 0 + 1/2)
[4] Adding request argument (GET): name "testparam", value "test"
[4] Starting phase REQUEST_HEADERS. (SecRules 1)
[9] This phase consists of 4 rule(s).
[4] (Rule: 1234) Executing operator "Contains" with param "test" against ARGS:testparam.
[9] Target value: "test" (Variable: ARGS:testparam)
[9] Matched vars updated.
[9] Rule contains a `pass' action
[4] Running [independent] (non-disruptive) action: log
[9] Saving transaction to logs
[4] Rule returned 1.
[4] Not running disruptive action: pass. SecRuleEngine is not On
[4] Running (non-disruptive) action: auditlog
[4] (Rule: 200000) Executing operator "Rx" with param "(?:application(?:/soap\+|/)|text/)xml" against REQUEST_HEADERS:Content-Type.
[4] Rule returned 0.
Metadata
Metadata
Assignees
Labels
No labels