ModSecurity 2.9 does not support apache+CGI+suexec+php-cgi? #1357

Closed
@lwpaxcdcg

I know that there are three ways for PHP to be embedded into Apache:
1. CGI model
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
AddType application/x-httpd-php .php
Action application/x-httpd-php "/cgi-bin/php-cgi"

2. Apache module model
LoadModule php5_module modules
AddType application/x-httpd-php .php

3. FastCGI model
Negligible...

Because of our product line, we use the apache+CGI+suexec+php5 model; for security reasons, it can't be changed.
But I found that ModSecurity does not allow RESPONSE_BODY phase monitoring to be carried out. None of the rules are in force, while rules for other non-PHP content (such as HTML) are effective.
I found that the php5_module module is used in the examples on the official website and in a lot of reference books, and I did not find an example of the relevant Action php-cgi approach.
Is it because ModSecurity does not support this approach? If it is supported, can someone help me understand why, when PHP is executed, my log jumps directly to "Starting phase LOGGING"?

My apache configuration is as follows:

AddType application/x-httpd-php .php .php4 .php3 .phtml .phtm .asmx .dll .aspx .asp
AddType application/x-httpd-php-source .phps
Action  application/x-httpd-php /cgi-bin/.parsephp

My modsec configuration is as follows:

SecRuleEngine on
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "(?:text|application)/xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule REQUEST_HEADERS:Content-Type "application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:400, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecRule TX:/^MSC_/ "!@Streq 0" \
"id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
SecResponseBodyAccess On
AddHandler application/x-httpd-php .php
SecResponseBodyMimeType text/html text/plain text/xml cgiscript application/json IBSCHECK multipart/form-data application/x-httpd-php-rul application/x-httpd-php application/x-httpd-php-source
SecResponseBodyLimit 52428800
SecResponseBodyLimitAction ProcessPartial
SecTmpDir /tmp/
SecDataDir /tmp/
SecUploadDir /usr/local/modsecurity/var/upload/
SecDebugLog /usr/local/modsecurity/var/log/debug.log
SecDebugLogLevel 9
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.log
SecArgumentSeparator &
SecCookieFormat 0
SecUnicodeMapFile unicode.mapping 20127
SecStatusEngine On
SecContentInjection On
SecStreamOutBodyInspection On
SecStreamInBodyInspection On
SecDisableBackendCompression On

Debug logs:

[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Transaction context created (dcfg 1207240).
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Starting phase REQUEST_HEADERS.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] This phase consists of 3 rule(s).
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Recipe: Invoking rule 1223980; [file "/usr/local/apache/conf/modsecurity.conf"] [line "24"] [id "200000"].
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][5] Rule 1223980: SecRule "REQUEST_HEADERS:Content-Type" "@rx (?:text|application)/xml" "phase:1,auditlog,id:200000,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Rule returned 0.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] No match, not chained -> mode NEXT_RULE.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Recipe: Invoking rule 11a6c78; [file "/usr/local/apache/conf/modsecurity.conf"] [line "31"] [id "200001"].
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][5] Rule 11a6c78: SecRule "REQUEST_HEADERS:Content-Type" "@rx application/json" "phase:1,auditlog,id:200001,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Rule returned 0.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] No match, not chained -> mode NEXT_RULE.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Recipe: Invoking rule 1243db0; [file "/usr/local/modsecurity/modsecurity-crs/crs-setup.conf"] [line "772"] [id "900990"].
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][5] Rule 1243db0: SecAction "phase:1,auditlog,id:900990,nolog,pass,t:none,setvar:tx.crs_setup_version=300"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] CACHE: Disabled - REMOTE_ADDR value length=12, smaller than minlen=64
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Transformation completed in 3 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Executing operator "unconditionalMatch" with param "" against REMOTE_ADDR.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Target value: "218.5.81.148"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Operator completed in 2 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Setting variable: tx.crs_setup_version=300
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Set variable "tx.crs_setup_version" to "300".
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Warning. Unconditional match in SecAction. [file "/usr/local/modsecurity/modsecurity-crs/crs-setup.conf"] [line "772"] [id "900990"]
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Rule returned 1.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Match -> mode NEXT_RULE.

[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Second phase starting (dcfg 1207240).
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Input filter: This request does not have a body.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Cleared transformation cache for phase 2
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Starting phase REQUEST_BODY.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] This phase consists of 4 rule(s).
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Recipe: Invoking rule 123a810; [file "/usr/local/apache/conf/modsecurity.conf"] [line "61"] [id "200002"].
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][5] Rule 123a810: SecRule "REQBODY_ERROR" "!@eq 0" "phase:2,auditlog,id:200002,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:%{reqbody_error_msg},severity:2"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] CACHE: Disabled - REQBODY_ERROR value length=1, smaller than minlen=64
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Transformation completed in 0 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Executing operator "!eq" with param "0" against REQBODY_ERROR.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Target value: "0"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Operator completed in 6 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Rule returned 0.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] No match, not chained -> mode NEXT_RULE.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Recipe: Invoking rule 123c608; [file "/usr/local/apache/conf/modsecurity.conf"] [line "82"] [id "200003"].
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][5] Rule 123c608: SecRule "MULTIPART_STRICT_ERROR" "!@eq 0" "phase:2,auditlog,id:200003,t:none,log,deny,status:400,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] CACHE: Disabled - MULTIPART_STRICT_ERROR value length=1, smaller than minlen=64
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Transformation completed in 0 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Executing operator "!eq" with param "0" against MULTIPART_STRICT_ERROR.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Target value: "0"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Operator completed in 2 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Rule returned 0.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] No match, not chained -> mode NEXT_RULE.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Recipe: Invoking rule 123f478; [file "/usr/local/apache/conf/modsecurity.conf"] [line "87"] [id "200004"].
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][5] Rule 123f478: SecRule "MULTIPART_UNMATCHED_BOUNDARY" "!@eq 0" "phase:2,auditlog,id:200004,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] CACHE: Disabled - MULTIPART_UNMATCHED_BOUNDARY value length=1, smaller than minlen=64
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Transformation completed in 0 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Executing operator "!eq" with param "0" against MULTIPART_UNMATCHED_BOUNDARY.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] Target value: "0"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Operator completed in 2 usec.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Rule returned 0.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] No match, not chained -> mode NEXT_RULE.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Recipe: Invoking rule 1240b78; [file "/usr/local/apache/conf/modsecurity.conf"] [line "101"] [id "200005"].
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][5] Rule 1240b78: SecRule "TX:/^MSC_/" "!@Streq 0" "phase:2,log,auditlog,id:200005,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Rule returned 0.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][9] No match, not chained -> mode NEXT_RULE.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Hook insert_filter: Adding output filter (r 12799e0).

[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Initialising logging.

[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#127c000][/cgi-bin/.parsephp/123.php][9] Cleared transformation cache for phase 5
[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#127c000][/cgi-bin/.parsephp/123.php][4] Starting phase LOGGING.
[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#127c000][/cgi-bin/.parsephp/123.php][9] This phase consists of 0 rule(s).
[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#127c000][/cgi-bin/.parsephp/123.php][4] Recording persistent data took 0 microseconds.
[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#127c000][/cgi-bin/.parsephp/123.php][4] Audit log: Ignoring a non-relevant request.
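
A way to pick out the symptom in the debug log above mechanically, as an added example that is not part of the original issue or of ModSecurity itself: the script groups debug-log lines by `rid` and reports requests where only the request phases ran while LOGGING ran under a different `rid` on a longer URI, which is what the log shows for `/123.php` and `/cgi-bin/.parsephp/123.php`. The function names are hypothetical, and the sample lines are abridged from the log in this issue.

```python
import re

# Debug-log line layout as it appears in this issue:
# [timestamp] [host/sid#...][rid#...][uri][level] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<host>[^/\]]+)/sid#(?P<sid>[0-9a-f]+)\]"
    r"\[rid#(?P<rid>[0-9a-f]+)\]\[(?P<uri>[^\]]*)\]\[(?P<level>\d)\] (?P<msg>.*)$"
)
PHASE_RE = re.compile(r"^Starting phase ([A-Z_]+)\.")
REQUEST_PHASES = ("REQUEST_HEADERS", "REQUEST_BODY")
RESPONSE_PHASES = ("RESPONSE_HEADERS", "RESPONSE_BODY")

# Sample input: lines abridged from the debug log posted in this issue.
SAMPLE = """\
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Starting phase REQUEST_HEADERS.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Starting phase REQUEST_BODY.
[14/Mar/2017:17:18:27 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Hook insert_filter: Adding output filter (r 12799e0).
[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#12799e0][/123.php][4] Initialising logging.
[14/Mar/2017:17:18:28 +0800] [test.domainxxx/sid#1224d00][rid#127c000][/cgi-bin/.parsephp/123.php][4] Starting phase LOGGING.
""".splitlines()


def phases_by_request(lines):
    """Group lines by rid; record the URI, the phases started, and whether
    the output filter (needed for response inspection) was added."""
    txs = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or non-debug-log line
        tx = txs.setdefault(
            m["rid"], {"uri": m["uri"], "phases": [], "output_filter": False}
        )
        phase = PHASE_RE.match(m["msg"])
        if phase:
            tx["phases"].append(phase.group(1))
        elif "Adding output filter" in m["msg"]:
            tx["output_filter"] = True
    return txs


def find_split_transactions(txs):
    """Pair a request that stopped after the request phases with a later
    request, on a URI ending in the same path, that ran only LOGGING."""
    findings = []
    items = list(txs.items())
    for i, (rid_a, a) in enumerate(items):
        ran = set(a["phases"])
        if not ran & set(REQUEST_PHASES) or "LOGGING" in ran:
            continue  # nothing inspected, or the transaction completed normally
        if ran & set(RESPONSE_PHASES):
            continue  # response inspection did run for this request
        for rid_b, b in items[i + 1:]:
            if (b["phases"] == ["LOGGING"] and b["uri"] != a["uri"]
                    and b["uri"].endswith(a["uri"])):
                findings.append({
                    "original_rid": rid_a, "original_uri": a["uri"],
                    "logging_rid": rid_b, "logging_uri": b["uri"],
                    "skipped_phases": list(RESPONSE_PHASES),
                    "output_filter_added": a["output_filter"],
                })
                break
    return findings


if __name__ == "__main__":
    for f in find_split_transactions(phases_by_request(SAMPLE)):
        print("{original_uri} (rid#{original_rid}): {skipped_phases} never started; "
              "LOGGING ran as {logging_uri} (rid#{logging_rid})".format(**f))
```

Run against a full `SecDebugLog` file by passing its lines to `phases_by_request`; a request that appears in the findings had its response leave the server without any phase 3 or phase 4 rule being evaluated.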

Labels: 2.x (Related to ModSecurity version 2.x)
