Hi,

Thanks for the reply. I have figured out the problem. I had a config file with a locationmatch for '/'. In the config, it defined an ErrorHandler 403 which actually ends up returning a 200 because of the error document. So, the browser showed the correct page, and a command line client triggered the 403 which actually ended up as a 200 because of the ErrorHandler! The clue was that the actual page returned was different. I only noticed this when I enabled verbose mode on the command line.

Thanks,
Dan

On 9 April 2013 12:30, Josh Amishav-Zlatin <jam...@owasp.org> wrote:
> On Mon, Apr 8, 2013 at 4:40 PM, Dan Scott <danieljamessc...@gmail.com>
> wrote:
>>
>>
>> To re-iterate, mod_security seems to be working correctly for all
>> pages except the root of the site. Is there something that I'm
>> missing? Why would mod_security still log a 403 error, but not
>> actually block the request?
>>
>
> Hi Dan,
>
> Good question. Have you tried increasing the SecDebugLogLevel to 9 and looking
> in the debug log? Is there an audit log produced?
>
> --
> - Josh

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
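
A log cross-check for the symptom discussed in this thread (mod_security logs a 403, yet the client receives a normal response), added here as an example and not part of the original messages. It assumes the ModSecurity 2.x serial audit log format and an access log written with a hypothetical `LogFormat "%{UNIQUE_ID}e %>s \"%r\""`; all log lines are constructed.

```python
import re

# Constructed sample: ModSecurity 2.x serial audit log, sections A, H and Z only.
AUDIT_LOG = """\
--0a1b2c3d-A--
[09/Apr/2013:12:30:01 +0000] UWPtest1AAAAAAAAAAAAAAAA 192.0.2.10 40112 192.0.2.1 80
--0a1b2c3d-H--
Message: Access denied with code 403 (phase 2).
Action: Intercepted (phase 2)
--0a1b2c3d-Z--
--4e5f6a7b-A--
[09/Apr/2013:12:30:05 +0000] UWPtest2AAAAAAAAAAAAAAAA 192.0.2.10 40113 192.0.2.1 80
--4e5f6a7b-H--
Message: Access denied with code 403 (phase 2).
Action: Intercepted (phase 2)
--4e5f6a7b-Z--
"""

# Constructed access log in the assumed format: unique id, final status, request.
ACCESS_LOG = """\
UWPtest1AAAAAAAAAAAAAAAA 200 "GET /?q=test HTTP/1.1"
UWPtest2AAAAAAAAAAAAAAAA 403 "GET /app/?q=test HTTP/1.1"
"""

def intercepted_ids(audit_text):
    """Unique IDs of transactions whose H section records an interception."""
    ids, current, section = set(), None, None
    for line in audit_text.splitlines():
        boundary = re.match(r"--[0-9a-fA-F]{8}-([A-Z])--$", line)
        if boundary:
            section = boundary.group(1)
        elif section == "A" and line.startswith("["):
            # A header: [timestamp] unique_id src_ip src_port dst_ip dst_port
            current = line.split("] ", 1)[1].split()[0]
        elif section == "H" and line.startswith("Action: Intercepted"):
            ids.add(current)
    return ids

def masked_blocks(audit_text, access_text):
    """Intercepted transactions whose final status sent to the client is not 4xx/5xx."""
    blocked = intercepted_ids(audit_text)
    findings = []
    for line in access_text.splitlines():
        uid, status, request = line.split(" ", 2)
        if uid in blocked and not status.startswith(("4", "5")):
            findings.append((uid, int(status), request.strip('"')))
    return findings

if __name__ == "__main__":
    for uid, status, request in masked_blocks(AUDIT_LOG, ACCESS_LOG):
        print(f"intercepted but client saw {status}: {request} ({uid})")
```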