-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Nginx + libmodsecurity + custom 403 page = no audit_log #1459
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
HI @averges, You may want to try to place the ModSecurity configurations in the server entry. |
Thanks @zimmerle, If I place ModSecurity configurations in the server entry then error_page directive stops working and nginx shows their 403 default page.
|
After some tests I see that requests with score >0 & < anomaly_score_threshold are logged correctly but denied requests (score > anomaly_score_threshold) aren't logged. If it helps...
Debug log
|
Hi Why is this issue closed? Br |
There is an issue on the nginx connector on the same subject: owasp-modsecurity/ModSecurity-nginx#55 |
same issue |
@realpg please follow up here: owasp-modsecurity/ModSecurity-nginx#76 |
When I configure nginx to show a custom 403 page (without url redirect), modsecurity stops logging into audit_log.
Nginx 1.13.0
Modsecurity v3/master
Nginx config:
The text was updated successfully, but these errors were encountered: