Fixed noauditlog. See #451.

apache2/modsecurity.c

@@ -333,6 +333,10 @@ static int is_response_status_relevant(modsec_rec *msr, int status) {
     apr_status_t rc;
     char buf[32];
 
+    /* ENH: Setting is_relevant here will cause an audit even if noauditlog
+     * was set for the last rule that matched.  Is this what we want?
+     */
+
     if ((msr->txcfg->auditlog_relevant_regex == NULL)
         ||(msr->txcfg->auditlog_relevant_regex == NOT_SET_P))
     {

apache2/re.c

@@ -1585,8 +1585,11 @@ static void msre_perform_disruptive_actions(modsec_rec *msr, msre_rule *rule,
         }
     }
 
-    /* If "noauditlog" was used do not mark the transaction for audit logging. */
+    /* If "noauditlog" used do not mark the transaction for audit logging. */
-    if (actionset->auditlog == 1) {
+    if (actionset->auditlog == 0) {
+        msr->is_relevant = 0;
+    }
+    else {
         msr->is_relevant++;
     }
 
@@ -1598,8 +1601,8 @@ static void msre_perform_disruptive_actions(modsec_rec *msr, msre_rule *rule,
         || (msr->modsecurity->processing_mode == MODSEC_OFFLINE)
         || (actionset->intercept_action == ACTION_NONE))
     {
-        /* If "nolog" was used log at a higher level. */
+        /* If "no(audit)?log" was used log at a higher level. */
-        msc_alert(msr, (actionset->log == 0 ? 4 : 2), actionset,
+        msc_alert(msr, ((actionset->log == 0) || (actionset->auditlog == 0) ? 4 : 2), actionset,
             "Warning.", message);
         return;
     }