Atomicorp

Thank you, I'm going to change it as you will see below, please let me know if this is not correct in syntax. I just want it to stop in the audit.log as I review that to find out if there are any new subnets that I need to block. SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,noauditl...

I've made a referrer.conf file to stop some of the proxies that are evidently allowing the countries I'm blocking through. The rule looks like this and is blocking them but I'd rather it block and not log. I've tried some combinations after searching for the solutions but everything I've tried doesn...

As you said and you were correct there were entries in the .htaccess that were filtering for known bad events and returning and redirecting to the index with a 403 error. Thank you very much for your advice/assistance.

Perfect sir I was wondering why it wasn't telling me the ruleset that was what was confusing me. Sorry I didn't know that it logged other 403's that way and thank you very much for the explanation.

modsecurity 2.5.13 - most recent delayed rules I hope this shouldn't be obvious to me but I'm trying to track down an entry that is found very frequently in my audit_log. The following entry with little but time and sequence variation makes up 9/10ths of my audit log. I'm going to paste two that cam...