Post Body not inspected

[brianp9906]

Using ModSecurity-apache connector (latest), post body injections are not inspected. When compared with the exact same post body with a different server running ModSecurity 2.9.1, it it properly blocked (403 forbidden). Something is wrong that its not inspecting the post body.

Using the same servers, if I use a <script> tag in the referer header, both systems block it. So it appears request headers are inspected, but post body is not.

[victorhora]

@brianp9906

Thanks for the report. Pull request #22 is up for evaluation to address this issue.

Please give it a try and let us know if it works for you.

[brianp9906]

Yes it fixed the issue. The error log (Apache error_log) does incorrectly show access denied with code 200 for phase 2 when blocked. Modsec audit log does show 403 in the details of the request.

[victorhora]

Thanks for the feedback @brianp9906. About your other issue, can you please provide more details (logs, versions etc) on another issue? Thanks.