Can you show an audit log entry? On Mar 17, 2011, at 1:37 AM, dreamice <[email protected]> wrote:
> Dear all, > > I tested the var RESPONSE_CONTENT_LENGTH and RESPONSE_HEADERS:Content-Length > in phase 3, but it seems that they do not work well. > rules like: > SecRule REQUEST_HEADERS:Content-Length "@gt 150" > "phase:1,t:none,deny,log,auditlog'" > SecRule RESPONSE_HEADERS:Content-Length "@gt 150" > "phase:3,t:none,pass,log,auditlog" > > the response content length is more than 150 bytes, but the rule get no > effects. > > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
