My situation:
* Have MainDomain.com
* Have pointer domains like MyPointerDomain.com, as alias to MainDomain.com
* Have ModSecurity enabled, with rules that trigger for those sites.
Then, the ModSecurity interface will only show the log entries that were triggered on MainDomain.com, and not those on MyPointerDomain.com,
even though the /var/log/httpd/domains/modse_audit.log contains entries for the pointer hosts.
I'm assuming it's because the ModSecurity GUI interface greps the audit logs for "host:MainDomain.com", and not "host:MainDomain.com OR MyPointerDomain.com"?
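
One way to check the audit log itself for entries on the main domain and its pointer domains, independent of the GUI. This is an added example, not part of the original post or the control panel's code. It assumes the serial audit log format with `--<id>-A--` to `--<id>-Z--` section boundaries; the function names and the sample log are constructed for illustration.

```python
import re

BOUNDARY = re.compile(r"^--([0-9A-Za-z]{8})-([A-Z])--$")

def parse_entries(text):
    """Split a serial-format audit log into {section letter: [lines]} dicts."""
    entry = txid = part = None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if not m:
            if part is not None:
                part.append(line)
            continue
        if m.group(2) == "A":              # section A opens a transaction
            entry, txid = {}, m.group(1)
        if entry is None or m.group(1) != txid:
            part = None                    # stray boundary, skip its lines
            continue
        if m.group(2) == "Z":              # section Z closes it
            yield entry
            entry = part = None
        else:
            part = entry.setdefault(m.group(2), [])

def request_host(entry):
    """Host header from section B: lowercased, port and trailing dot removed."""
    for line in entry.get("B", []):
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return re.sub(r":\d+$", "", value.strip().lower()).rstrip(".")
    return None

def entries_for_site(text, domains):
    """Transactions whose Host matches any name in domains (main + pointers)."""
    wanted = {d.lower() for d in domains}
    return [e for e in parse_entries(text) if request_host(e) in wanted]

def _sample(txid, host):                   # constructed sample transaction
    return (f"--{txid}-A--\n[10/Mar/2024:12:00:01 +0000] x 203.0.113.5 51234 "
            f"198.51.100.10 80\n--{txid}-B--\nGET /?q=1 HTTP/1.1\nHost: {host}\n\n"
            f"--{txid}-H--\nMessage: Warning. (constructed)\n\n--{txid}-Z--\n\n")

SAMPLE_LOG = (_sample("aaaaaaa1", "MainDomain.com")
              + _sample("aaaaaaa2", "MyPointerDomain.com:80")
              + _sample("aaaaaaa3", "unrelated.example"))

if __name__ == "__main__":
    print(len(entries_for_site(SAMPLE_LOG, ["MainDomain.com"])))
    print(len(entries_for_site(SAMPLE_LOG, ["MainDomain.com", "MyPointerDomain.com"])))
```

Filtering on the main domain alone finds one of the sample transactions, while passing the pointer domain as well finds two, which is the gap between the GUI and the log described in the post.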