The alerts say that there was a user-agent string match (mozilla 4.0( ) with 
the comment spam rules.  This match raised the tx.inbound_anomaly_score to 3. 
What do you have this value set to in the 10 config file?  By default the 
blocking level is 5. 

--
Ryan Barnett


On Jan 4, 2011, at 3:46 PM, Dimitri Yioulos <[email protected]> wrote:

> On Tuesday 04 January 2011 3:21:41 pm you wrote:
>> On Tue, Jan 4, 2011 at 10:01 PM, Dimitri Yioulos 
> <[email protected]> wrote:
>>> Did I forget something in setting up Anomaly
>>> Scoring Detection Mode, or misconfigure
>>> something?
>> 
>> Hi Dimitri,
>> 
>> What do the logs say?
>> 
>> --
>> - Josh
> 
> 
> Josh,
> 
> I'm not great at deciphering the log messages that 
> modsec generates.  I think I've captured some 
> relevant data, and put it here:
> 
> http://pastebin.com/kCQ9i8p4
> 
> Dimitri
> 
> 
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
