Hi all,
I just noticed that all the rules that have an Id that starts with "973"
(modsecurity_crs_41_xss_attacks.conf) are the only CRS rules that have
"nolog" and "noauditlog" in their actions list despite the "setvar:tx.%{
rule.id}-...-%{matched_var_name}=%{tx.0}" action. Therefore it's impossible
to override log destinations for those rules with the "SecDefaultAction"
directive.
Is there any reason for that?
TYIA
Rm4dillo
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
