Description
When i submit a request like
and the rule follow is fired:
SecRule REQUEST_URI "(^/admin)"
"id:'10',
t:none,
phase:1,
log,
deny,
status:403"
I see in debug log:
[04/Apr/2013:10:17:41 --0700] [/sid#89e6618][rid#8a2f780][/admin][5] Rule 89f6670: SecRule "REQUEST_URI" "@rx (^/admin)" "phase:1,auditlog,id:10,t:none,log,deny,status:403"
[04/Apr/2013:10:17:41 --0700] [/sid#89e6618][rid#8a2f780][/admin][4] Transformation completed in 4 usec.
[04/Apr/2013:10:17:41 --0700] [/sid#89e6618][rid#8a2f780][/admin][4] Executing operator "rx" with param "(^/admin)" against REQUEST_URI.
[04/Apr/2013:10:17:41 --0700] [/sid#89e6618][rid#8a2f780][/admin][9] Target value: "/usr/local/nginx/html/admin?"
[04/Apr/2013:10:17:41 --0700] [/sid#89e6618][rid#8a2f780][/admin][6] Ignoring regex captures since "capture" action is not enabled.
[04/Apr/2013:10:17:41 --0700] [/sid#89e6618][rid#8a2f780][/admin][4] Operator completed in 44 usec.
[04/Apr/2013:10:17:41 --0700] [/sid#89e6618][rid#8a2f780][/admin][4] Rule returned 0.