Description
Describe the bug
The redirect action doesn't work. I wanted to redirect a php-leakage page back to the index page, but it never did. This is the rule I used in the RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf file:
# php leakage, redirect to index.
SecRuleUpdateActionById 959100 "t:none,redirect:'https://%{request_headers.host}/'"
Logs and dumps
Here are the DebugLogs (level 9), AuditLogs and Error logs
I also attached the "test.php" file, which I accessed to test the rule. You can easily expect the output.
The nginx.conf file is additional, in case you want to have a look.
Steps to reproduce the behavior
Just access the /test.php page and it seems to lose the connection. You can give it a try.
Example error page
Expected behavior
It should redirect me back to the index page, but it didn't.
Server
ModSecurity version (and connector):
ModSecurity v3.0.3
Not sure, I only know it's v1.0.*
WebServer: nginx-1.14.2
OS: CentOS Linux release 7.6.1810 (Core)
Rule Set
OWASP ModSecurity Core Rule Set ver.3.2.0
Please let me know if you need any further information, thanks.
P.S.
An interesting thing is, if I set the outbound threshold to a larger value, the error page will be printed out, but it still does not redirect me to the index page.
access.log
error.log
modsec_audit.log
modsec_debug.log
nginx.conf.txt
test.php.txt
website.conf.txt