From: Florian S. <flo.sch@gm...> - 2009-10-29 17:14:26
I'm experiencing some (imho) strange behavior regarding the processing
phase of RESPONSE_CONTENT_TYPE:
This gives me the correct value:
SecRule "RESPONSE_CONTENT_TYPE" "@rx .*" "phase:'4', log, pass,
This does not get triggered:
SecRule "RESPONSE_CONTENT_TYPE" "@rx .*" "phase:'3', log, pass,
The same problem shows up with RESPONSE_HEADERS:Content-Type.
First of all, the 3rd phase should (intuitively) be suitable for reading
The documentation approves that:
For me, doing that in phase 3 is very important, since an external
filter for the body gets enabled by an environment var setted depending
of the Content-Type:
SecRule "RESPONSE_CONTENT_TYPE" "@contains text/html" "chain, phase:'3',
SecRule "other checks..."
ExtFilterDefine filter cmd="/bin/awk ..." enableenv=DO_FILTER
That's why phase 4 is too late for me.
ModSecurity/2.5.10 is running on Apache/2.2.14 in reverse-proxy! mode.
Backend and Proxy give me 'Content-Type: text/html;charset=utf-8', so it
Thanks in advance: