I've made a referrer.conf file to stop some of the proxies that are evidently allowing the countries I'm blocking through. The rule looks like this and is blocking them but I'd rather it block and not log. I've tried some combinations after searching for the solutions but everything I've tried doesn't seem to work. Any suggestions?
SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,status:500
Thanks in advance.
How can I stop this rule from logging?
-
- Forum User
- Posts: 5
- Joined: Sat Oct 22, 2011 7:40 pm
- Location: USA
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: How can I stop this rule from logging?
Add "nolog" to the actions. If you also dont want it to show in the audit logs add noauditlog too.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
-
- Forum User
- Posts: 5
- Joined: Sat Oct 22, 2011 7:40 pm
- Location: USA
Re: How can I stop this rule from logging?
Thank you, I'm going to change it as you will see below, please let me know if this is not correct in syntax. I just want it to stop in the audit.log as I review that to find out if there are any new subnets that I need to block.
SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,noauditlog,status:500
Thanks again!
SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,noauditlog,status:500
Thanks again!