I have installed:
- Apache 2.2 + suexec (libxml2, etc.)
- Mod_security 2.6
- Mod_fcgid
I am using APACHE with newest hybrid EVENT MPM. I think it can be related to the problem.
Here is the problem:
Mod_security detects a threat, but do not blocks. Here is a message from audit log:
Message: Access denied with code 403 (phase 4). Pattern match "asdasdasd" at REQUEST_URI. [file "/usr/local/etc/apache22/httpd.conf"] [line "533"] [msg "Access Denied"]
Action: Intercepted (phase 4)
It looks like the client was blocked with exit code 403 - BUT IT WAS NOT!
I tried requesting .html file, for example url with MY MATCH KEYWORD /asdasdasd.html - mod_security has blocked the url as it supposed.
So mod_security does not work with .php files only.
Do you know how to solve the problem ? Thanks!
