Closed
Description
I am serving this HTML in the directory meta on an Apache behind nginx with ModSecurity 2.8:
<html>
<body>
<a href="subedit.pml?testparam=123456">Edit</a>
<a href="/admin/index.pml?testparam=123456">Admin</a>
</body>
</html>
With these settings:
SecContentInjection On
SecStreamOutBodyInspection On
SecDisableBackendCompression On
SecHashEngine On
SecHashParam "hmac"
SecHashKey "rand" "KeyOnly"
SecHashMethodRx "HashHref" "testparam"
The HTML presented to the client looks like:
<html><body>
<a href="/meta/subedit.pml?testparam=123456&hmac=2e90fe01904715639c65b8c8c424e24d159bd79e">Edit</a>
<a href="/meta/admin/index.pml?testparam=123456&hmac=91318d8dd856e50fca4e86e51b840bee3b9dd5c4">Admin</a>
</body></html>
As you can see, both hrefs are now prefixed with "/meta/". For the 2nd href, the resulting path does not exist on my server, and this therefore breaks my application. I have sniffed the traffic directly on the Apache server, and it serves nginx/ModSecurity with HTML exactly as it appears in the original HTML file. So I conclude that it is ModSecurity which rewrites it wrongly.
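A regression check for the behaviour reported above, added here as an example and not part of the original report or of ModSecurity: it resolves each original href against the page URL per RFC 3986, strips the injected `hmac` parameter from the rewritten href, and flags links whose target changed. The host name and `index.html` in `PAGE_URL` are assumptions; the two HTML samples are copied from the report.

```python
import re
from urllib.parse import urljoin, urlsplit, parse_qsl, urlencode

PAGE_URL = "http://example.test/meta/index.html"  # assumed; report only says directory "meta"
HASH_PARAM = "hmac"                               # SecHashParam value from the report
HREF_RE = re.compile(r'href="([^"]*)"')           # sufficient for the sample markup

ORIGINAL = '''<a href="subedit.pml?testparam=123456">Edit</a>
<a href="/admin/index.pml?testparam=123456">Admin</a>'''

REWRITTEN = '''<a href="/meta/subedit.pml?testparam=123456&hmac=2e90fe01904715639c65b8c8c424e24d159bd79e">Edit</a>
<a href="/meta/admin/index.pml?testparam=123456&hmac=91318d8dd856e50fca4e86e51b840bee3b9dd5c4">Admin</a>'''


def normalize(url):
    """Return path plus query with the injected hash parameter removed."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != HASH_PARAM]
    return parts.path + ("?" + urlencode(query) if query else "")


def check_rewrite(page_url, original_html, rewritten_html):
    """List (original href, expected target, rewritten target) for every
    link whose resolved target differs after the proxy rewrote it."""
    mismatches = []
    pairs = zip(HREF_RE.findall(original_html), HREF_RE.findall(rewritten_html))
    for orig, new in pairs:
        # A relative reference resolves against the page's directory;
        # a reference starting with "/" resolves against the site root.
        expected = normalize(urljoin(page_url, orig))
        got = normalize(urljoin(page_url, new))
        if expected != got:
            mismatches.append((orig, expected, got))
    return mismatches


if __name__ == "__main__":
    for orig, expected, got in check_rewrite(PAGE_URL, ORIGINAL, REWRITTEN):
        print(f"{orig!r}: expected {expected!r}, proxy produced {got!r}")
```

Run against the samples, only the absolute-path link is flagged; the relative link resolves to the same target before and after rewriting.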