Hello Joao,
While I haven't been able to get 'tcp-request content reject' to work
with this configuration -- I am able to get 'http-request deny' to work:
http-request deny if { var(txn.modsec.code) -m int gt 0 }
Regarding txn.modsec.code -- I have been able to reproduce the
"txn.modsec.code=-101" and "set variable code=4294967195" when
crs-setup.conf / crs.setup.conf.example is missing the following
SecDefaultAction lines:
SecDefaultAction "phase:1,log,auditlog,deny,status:403"
SecDefaultAction "phase:2,log,auditlog,deny,status:403"
When those are in place -- I receive the following in logs:
The txn.modsec.code is: 403
Please let me know if that solves it for you.
Thanks,
-- Daniel
