- 
                Notifications
    You must be signed in to change notification settings 
- Fork 1.7k
Closed
Description
MODSEC-12: When an operator execution fails (ie returns <0), the rule is just dropped and fails open (no interception performed).
Example debug output:
{noformat}
[4] Rule returned -1.
[1] Rule processing failed.
{noformat}
This change was introduced in 2.1.2 and may have been a bad decision on my part.
Is this really what we want now? I think it should be an option (maybe SecInterceptOnError On|Off). It should at least be documented.
Metadata
Metadata
Assignees
Labels
No labels