Atomicorp

Security for Everyone
https://forums.atomicorp.com/

How can I stop this rule from logging?

https://forums.atomicorp.com/viewtopic.php?t=5534

Page 1 of 1

How can I stop this rule from logging?

Posted: Sat Nov 12, 2011 5:39 pm
by darkestweb
I've made a referrer.conf file to stop some of the proxies that are evidently allowing the countries I'm blocking through. The rule looks like this and is blocking them but I'd rather it block and not log. I've tried some combinations after searching for the solutions but everything I've tried doesn't seem to work. Any suggestions?

SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,status:500

Thanks in advance.

Re: How can I stop this rule from logging?

Posted: Sat Nov 12, 2011 6:07 pm
by mikeshinn
Add "nolog" to the actions. If you also dont want it to show in the audit logs add noauditlog too.

Re: How can I stop this rule from logging?

Posted: Sat Nov 12, 2011 10:17 pm
by darkestweb
Thank you, I'm going to change it as you will see below, please let me know if this is not correct in syntax. I just want it to stop in the audit.log as I review that to find out if there are any new subnets that I need to block.

SecRule REQUEST_HEADERS:REFERER "more-proxies" deny,noauditlog,status:500

Thanks again!
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited