Closed
Description
Describe the bug
mod_security is logging messages with level 'error' into apache error log even with this setting:
LogLevel warn security2:crit
The problem is, probably, because mod_security is marking messages as if they come from Apache itself. See the log line below, there should be [security2:error]
instead of [:error]
.
We need to suppress these messages because they are confusing to our users.
Logs and dumps
[Thu Apr 30 08:27:15.510284 2020] [:error] [pid 25449] [client 1.1.1.1:55988] [client 1.1.1.1] ModSecurity: Warning. Pattern match ...
Server (please complete the following information):
- ModSecurity version (and connector): mod_security 2.9.3
- WebServer: Apache 2.4
- OS (and distro): Debian linux, 64bit