> Em 20 de mai de 2018, à(s) 11:59, Daniel Corbett <[email protected]> > escreveu: > > Hello Joao, > > While I haven't been able to get 'tcp-request content reject' to work with > this configuration -- I am able to get 'http-request deny' to work: > > http-request deny if { var(txn.modsec.code) -m int gt 0 } > > Regarding txn.modsec.code -- I have been able to reproduce the > "txn.modsec.code=-101" and "set variable code=4294967195" when crs-setup.conf > / crs.setup.conf.example is missing the following SecDefaultAction lines: > > SecDefaultAction "phase:1,log,auditlog,deny,status:403" > SecDefaultAction "phase:2,log,auditlog,deny,status:403" > > When those are in place -- I receive the following in logs: > > The txn.modsec.code is: 403 > > Please let me know if that solves it for you. >
Hi Daniel, yes, now everything makes a lot of sense - and it’s working. Including the fact that `4294967195(uint32) == -101(int32)` and that I need to read a lot more about how ModSecurity works. Thanks! > > Thanks, > —- Daniel > ~jm
