Added back support for HTTP_* targets by aliasing it to REQUEST_HEADERS:*.

Fixed the severity warning message to only be displayed at a warn log level.
2026-01-13 15:07:10 +03:00 · 2008-03-19 21:31:41 +00:00
parent b2cf7d1329
commit 6b970c9185
5 changed files with 28 additions and 9 deletions
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -1129,10 +1129,11 @@ static const char *cmd_default_action(cmd_parms *cmd, void *_dcfg, const char *p
    if ((dcfg->tmp_default_actionset->severity != NOT_SET)
        ||(dcfg->tmp_default_actionset->logdata != NOT_SET_P))
    {
-        ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool,
-            "ModSecurity: WARNING SecDefaultAction \"%s\" should not "
-            "contain a severity or logdata action (%s:%d).",
-            p1, cmd->directive->filename, cmd->directive->line_num);
+        ap_log_perror(APLOG_MARK,
+            APLOG_STARTUP|APLOG_WARNING|APLOG_NOERRNO, 0, cmd->pool,
+            "ModSecurity: WARNING Using \"severity\" or \"logdata\" in "
+            "SecDefaultAction is deprecated (%s:%d).",
+            cmd->directive->filename, cmd->directive->line_num);
    }

    /* Must not use chain. */