Hi there,

Ryan replaced the "deny" with the redirect in commit
85d96d18f35f4aac1799965df7e87c8998ab17ba
on Jan 29, 2014 with the commit message:
"Updating Risk Groups, LFI/SQLi Rules and Anomaly Scoring"

$> git diff  d743fd2 85d96d1
...
+# -- [[ Disruptive Action Control ]] --
+# The default action is to issue a 302 redirect sending the client back to the 
main
+# index page.
 #
-SecDefaultAction "phase:1,deny,log"
-
+# -- [[ Host Meta-Data ]] --
+# The tag action will include the Host header data in the alert, which helps 
to identify
+# which Vhost triggered the rule.
+#
+SecDefaultAction 
"phase:1,log,redirect:'http://%{request_headers.host}/',tag:'Host: 
%{request_headers.host}'"
+SecDefaultAction 
"phase:2,log,redirect:'http://%{request_headers.host}/',tag:'Host: 
%{request_headers.host}'"
...
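
Review bot: The redirect target and the tag value in both new SecDefaultAction lines are built from %{request_headers.host}, which comes from the client's request, so the Location of the 302 and the tag text written into every alert are chosen by whoever sends the request. The scheme is also fixed to http://, so a client blocked on an HTTPS vhost is sent to plain HTTP. Replacing deny with redirect changes what a blocked client receives for every rule that inherits the default, and the removed line set a default for phase 1 only while the new lines set one for phases 1 and 2; the added comments mention neither. Suggest keeping deny as the shipped default and offering the redirect as a commented-out alternative with a fixed, operator-configured URL.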

Does anybody remember anything about Ryan's reasoning for this new 
default? Outside of it being a default and people had better define a
correct value for themselves?

Personally, I am all for a default deny policy.
I am also not sure I want the proposed tag with every alert.

Ahoj,

Christian


-- 
People demand freedom of speech as a compensation for the freedom 
of thought which they seldom use.
-- Soren Kierkegaard
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set