Has anyone made any headway into the logging issue which occurs when RUID is in place?
I have about 10% of the rules working properly. By properly, I mean they are detected AND logged properly which allows for ConfigServer Firewall to pick off the bad bots etc. This I suspect because it occurs before the PHP layer. What I do not have is brute force attacks to scripts such as WordPress and Joomla being blocked off because although picked up by ModSecuriy, it is unable to write to the log file because of RUIDs influence at the account level when PHP is involved and it's attempt to write back as the user.
I have about 10% of the rules working properly. By properly, I mean they are detected AND logged properly which allows for ConfigServer Firewall to pick off the bad bots etc. This I suspect because it occurs before the PHP layer. What I do not have is brute force attacks to scripts such as WordPress and Joomla being blocked off because although picked up by ModSecuriy, it is unable to write to the log file because of RUIDs influence at the account level when PHP is involved and it's attempt to write back as the user.