Re: http-version

> mod_security-1.7.6 (net-www/mod_security)
> 
> This is the latest stable version in portage when using "emerge -s 
> mod_security" or "emerge -uDp mod_security".

   That's way too old, having been released in March 2004. The 1.8 is
   better in many, many ways. I can see here
   http://www.gentoo-portage.com/net-www/mod_security

   they have the 1.8.6 version (I don't know what "hard masked" means,
   though). Chances are your problems will go away when you upgrade. Or,
   if they don't go away - I'll fix them.

>>> 1) it shouldn't add any unmatched requests to the audit log when set 
>>> to RelevantOnly
>>
>>   That depends. For example, I consider 414 responses to be relevant,
>>   match or no match. 1.9 will have a conf. option to deal with that.
> 
> The manual says that "Relevant requests are those requests that caused a 
> filter match".  I would agree with that description.  A 414 should be 
> logged to the Apache error log, but not the mod_security audit log.

   That's why you'll get a conf. option to turn it off ;)

>>> 3) "nolog" should apply to the audit log too
>>
>>
>>   I programmed it to apply to the audit log too. If it doesn't then