How can I stop this rule from logging?

Community support forums for the free/delayed modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the delayed modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
darkestweb
Forum User
Forum User
Posts: 5
Joined: Sat Oct 22, 2011 7:40 pm
Location: USA

How can I stop this rule from logging?

Unread post by darkestweb »

I've made a referrer.conf file to stop some of the proxies that are evidently allowing the countries I'm blocking through. The rule looks like this and is blocking them but I'd rather it block and not log. I've tried some combinations after searching for the solutions but everything I've tried doesn't seem to work. Any suggestions?

SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,status:500

Thanks in advance.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: How can I stop this rule from logging?

Unread post by mikeshinn »

Add "nolog" to the actions. If you also dont want it to show in the audit logs add noauditlog too.
darkestweb
Forum User
Forum User
Posts: 5
Joined: Sat Oct 22, 2011 7:40 pm
Location: USA

Re: How can I stop this rule from logging?

Unread post by darkestweb »

Thank you, I'm going to change it as you will see below, please let me know if this is not correct in syntax. I just want it to stop in the audit.log as I review that to find out if there are any new subnets that I need to block.

SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,noauditlog,status:500

Thanks again!
Post Reply