ModSecurity Audit Log issue - audit log not written to in chain rules
Hi, I have question about the audit log.
The following rule I have in one vhost. Upon accessing test.php, as expected, a full capture goes into the audit log
SecRule REQUEST_URI "/test\.php" auditlog,deny
SecRule REQUEST_URI "/test\.php" chain
SecRule ARGS:username "blah" auditlog,deny
^ the above rule DOES block my request and it logs to error.log. But nothing gets logged to the auditlog. The Audit Log only fails to get written to in rules with chain in it.
Any idea how to make chain rule blocks go to the auditlog as well?
Some settings, server level:
Enable Request Filtering
Debug Log Level
Scan Request Body
Disable .htaccess Override
Enable Security Audit Log
Security Audit Log
Last edited by c0ldshadow; 01-02-2013 at 09:06 PM..