directive changed as modsecurity_use_error_log

fatihusta · fatihusta · commit 585dc82d5502 · 2025-08-14T08:03:30.000+03:00
- tests are changed with new directive name
- nginx.conf updated with new directive name
- added doc

Signed-off-by: Fatih USTA &lt;fatihusta86@gmail.com&gt;
diff --git a/.github/nginx/nginx.conf b/.github/nginx/nginx.conf
@@ -76,10 +76,10 @@ http {
 
     server {
         listen          80;
-        server_name     modsecurity_disable_error_log;
+        server_name     modsecurity_use_error_log_off;
 
         modsecurity on;
-        modsecurity_disable_error_log on;
+        modsecurity_use_error_log off;
         modsecurity_rules_file /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/modsecurity.conf;
         root  /usr/local/nginx/html/;
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -140,19 +140,19 @@ jobs:
             echo "FAIL"
             exit 1
           fi
-      - name: Check attack log vhost 2 (modsecurity_disable_error_log off(default))
+      - name: Check attack log vhost 2 (modsecurity_use_error_log on(default))
         run: |
           if ( grep -q "modsectest2" /usr/local/nginx/logs/error.log ); then
             echo "OK"
           else
             echo "FAIL"
             exit 1
           fi
-      - name: Check attack log vhost 3 (modsecurity_disable_error_log on)
+      - name: Check attack log vhost 3 (modsecurity_use_error_log off)
         run: |
-          status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsecurity_disable_error_log" "http://localhost/?q=attack")
+          status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsecurity_use_error_log_off" "http://localhost/?q=attack")
           if [ "${status}" == "403" ]; then
-            if ( grep -q "modsecurity_disable_error_log" /usr/local/nginx/logs/error.log ); then
+            if ( grep -q "modsecurity_use_error_log_off" /usr/local/nginx/logs/error.log ); then
               echo "FAIL"
               exit 1
             else
diff --git a/README.md b/README.md
@@ -175,6 +175,15 @@ using the same unique identificator.
 
 String can contain variables.
 
+modsecurity_use_error_log
+-----------
+**syntax:** *modsecurity_use_error_log on | off*
+
+**context:** *http, server, location*
+
+**default:** *on*
+
+Turns on or off ModSecurity error log functionality.
 
 # Contributing
 
diff --git a/src/ngx_http_modsecurity_common.h b/src/ngx_http_modsecurity_common.h
@@ -118,7 +118,7 @@ typedef struct {
     void                      *rules_set;
 
     ngx_flag_t                 enable;
-    ngx_flag_t                 disable_error_log;
+    ngx_flag_t                 use_error_log;
 #if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
     ngx_flag_t                 sanity_checks_enabled;
 #endif
diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c
@@ -166,8 +166,8 @@ ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_re
         return NGX_HTTP_INTERNAL_SERVER_ERROR;
     }
 
-    // logging to nginx error log can be disable by setting `modsecurity_disable_error_log` to on
-    if (!mcf->disable_error_log) {
+    // logging to nginx error log can be disable by setting `modsecurity_use_error_log` to off
+    if (mcf->use_error_log) {
         log = intervention.log;
         if (intervention.log == NULL) {
           log = "(no log message was specified)";
@@ -522,11 +522,11 @@ static ngx_command_t ngx_http_modsecurity_commands[] =  {
     NULL
   },
   {
-    ngx_string("modsecurity_disable_error_log"),
+    ngx_string("modsecurity_use_error_log"),
     NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_FLAG,
     ngx_conf_set_flag_slot,
     NGX_HTTP_LOC_CONF_OFFSET,
-    offsetof(ngx_http_modsecurity_conf_t, disable_error_log),
+    offsetof(ngx_http_modsecurity_conf_t, use_error_log),
     NULL
   },
   ngx_null_command
@@ -740,7 +740,7 @@ ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
     conf->rules_set = msc_create_rules_set();
     conf->pool = cf->pool;
     conf->transaction_id = NGX_CONF_UNSET_PTR;
-    conf->disable_error_log = NGX_CONF_UNSET;
+    conf->use_error_log = NGX_CONF_UNSET;
 #if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
     conf->sanity_checks_enabled = NGX_CONF_UNSET;
 #endif
@@ -780,7 +780,7 @@ ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 
     ngx_conf_merge_value(c->enable, p->enable, 0);
     ngx_conf_merge_ptr_value(c->transaction_id, p->transaction_id, NULL);
-    ngx_conf_merge_value(c->disable_error_log, p->disable_error_log, 0);
+    ngx_conf_merge_value(c->use_error_log, p->use_error_log, 1);
 #if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
     ngx_conf_merge_value(c->sanity_checks_enabled, p->sanity_checks_enabled, 0);
 #endif
