On 02/10/12 11:51, Brian Kroth wrote:
> Basically my hack around method uses mod_uniqueid and a Perl cgi
> ErrorDocument (in case PHP isn't available) to tail the error_log and
> look for a message with that UNIQUE_ID (which should be in the
> environment). It requires that the web user has access to read the
> file though.
> If you want I can package up the code and send it to you, but it
> should be pretty easy to figure out from that.
Thanks for that - I had already thought of that - but as we run
mod_security within a chroot jail, the logs aren't available to PHP -
and I'm not willing to move the logs into the jail (and change their
perms) just to make this work
This seems such an obvious feature to me: is this a
"bug"/lack-of-a-feature within mod_security, or is this an Apache issue?
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1