Using Comodo Litespeed rules I can't make Litespeed log "logdata" messages. This log param is used to diagnose why the rule is triggered.
I was researching a little but wasn't able to find any mod_security specific option related to this log param. Maybe "SecAuditLogParts" is related to this issue, but Comodo Litespeed WAF does not contain any "SecAuditLogParts" setting. Here is a link to the Comodo forum showing how users report false positives, including the "logdata" log.
https://forums.comodo.com/free-mods...cwaf-rules-110-false-positives-t104721.0.html
logdata wiki : https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#logdata
Sample rule:
Code:
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:commentText|!ARGS:desc|!ARGS:/description/|!ARGS:introeditor[text]|!ARGS:_signature|!ARGS:Post|!ARGS:html_message|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/ "(asfunction|data|javascript|livescript|mocha|vbscript):" \
"id:212770,msg:'COMODO WAF: XSS Attack Detected',phase:2,capture,block,setvar:'tx.xss_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:htmlEntityDecode,t:lowercase,t:removeNulls,t:removeWhitespace,rev:5,severity:2,tag:'CWAF',tag:'XSS'"