Thread: [mod-security-users] problem with mod_proxy and showing custom error documents
From: Wouter C. <W.C...@pr...> - 2009-11-27 10:15:31
Hi everyone,

I'm currently using mod_security in a reverse proxy setup with apache 2.2 and mod_proxy.
I'm having a small but annoying problem. When an error message occurs on the proxied server (status 500 error), I would like to log the error information (auditlog, the 'E' part) and show a custom error 500 document to the visitor.
If I activate ProxyErrorOverride in mod_proxy, I can show the custom error 500 document, but I cannot log the original body of the error 500 page.
I guess mod_proxy doesn't present the body to mod_security.
If I deactivate ProxyErrorOverride, I can log the error, but I cannot show a custom error document. Whatever I put in ErrorDocument (even a redirect to an external site), I always get the standard apache 500 error message with the following information added 'Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.'

I use the following rule:

SecRule RESPONSE_STATUS "^5\d{2}$" "phase:4,ctl:auditLogParts=+E,auditlog,status:500,deny"

Is there a workaround for this problem?

Cheers,

Wouter Callewaert
System & Network administrator
From: Ivan R. <iva...@gm...> - 2009-11-27 11:11:05
On Fri, Nov 27, 2009 at 9:59 AM, Wouter Callewaert <W.C...@pr...> wrote:
>
> Hi everyone,
>
> I'm currently using mod_security in a reverse proxy setup with apache 2.2 and mod_proxy.
> I'm having a small but annoying problem. When an error message occurs on the proxied server (status 500 error), I would like to log the error information (auditlog, the 'E' part) and show a custom error 500 document to the visitor.
> If I activate ProxyErrorOverride in mod_proxy, I can show the custom error 500 document, but I cannot log the original body of the error 500 page.
> I guess mod_proxy doesn't present the body to mod_security.

Yes, that's reasonable to assume. mod_proxy will probably discard the body of an error-ed response.

> If I deactivate ProxyErrorOverride, I can log the error, but I cannot show a custom error document. Whatever I put in ErrorDocument (even a redirect to an external site), I always get the standard apache 500 error message with the following information added 'Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.'
>
> I use the following rule:
>
> SecRule RESPONSE_STATUS "^5\d{2}$" "phase:4,ctl:auditLogParts=+E,auditlog,status:500,deny"
>
> Is there a workaround for this problem?

It could be that ModSecurity is catching your error responses. You might be able to determine that from cranking up the error log and observing closely what happens.

It may help if you set ErrorDocument to a script, and then in the script change the response status code to a non-5xx response. That may bypass the above rule (assuming that's the problem, of course).

> Cheers,
>
> Wouter Callewaert
> System & Network administrator

--
Ivan Ristic
ModSecurity Handbook [https://www.feistyduck.com]
SSL Labs [https://www.ssllabs.com/ssldb/]
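
The suggestion in the reply above, sketched as an added example (not code from the thread or from the ModSecurity project): a CGI script used as the ErrorDocument that answers with a non-5xx status. The script path, the choice of 200 and the printed mod_unique_id reference are assumptions, and the thread does not confirm that this clears the problem in this setup.

```shell
#!/bin/sh
# Added example: CGI handler for "ErrorDocument 500 /cgi-bin/error500.sh".
# The path, the choice of 200 and the reference line are assumptions.

# Return the request's mod_unique_id value (also recorded in the ModSecurity
# audit log), reduced to safe characters so it can be printed inside HTML.
reference_id() {
    id="${REDIRECT_UNIQUE_ID:-${UNIQUE_ID:-}}"
    id=$(printf '%s' "$id" | tr -cd 'A-Za-z0-9@_-' | cut -c1-64)
    printf '%s' "${id:-unavailable}"
}

# Write the CGI response. The Status header replaces the 500 that Apache
# would otherwise keep for the error document, so a rule matching
# RESPONSE_STATUS "^5\d{2}$" no longer matches this response.
render_error_page() {
    printf 'Status: 200 OK\n'
    printf 'Content-Type: text/html; charset=utf-8\n'
    printf 'Cache-Control: no-store\n\n'
    printf '<html><head><title>Service error</title></head><body>\n'
    printf '<h1>Something went wrong</h1>\n'
    printf '<p>Please quote reference %s when contacting support.</p>\n' "$(reference_id)"
    printf '</body></html>\n'
}

# Produce output only when Apache runs the script as CGI.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    render_error_page
fi
```

A 200 on the error page hides the failure from clients and monitors that rely on the status code, so the original 500 has to be tracked through the audit log.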