We setup custom apache error pages that display modsec message details
to "trusted" developer networks.
I imagine you could make your ajax calls just return the contents of
those error responses in a similar manner. You could potentially even
use the response code as a clue to what went wrong.
Chaminda Attanayake <chaminda.attanayake@...> 2011-10-28 10:54:
> I started using mod-security in my Ajax based web application. I am using
> jboss as my web server and apache/mod-security is used for securing my
> web application in network based deployment.
> When ajax calls come in to the apache server, my rules analyze the request
> and check input data for invalid/unacceptable texts. If the text is
> invalid, I want to log it , block the request and then send the user a
> message (response back to the client). I tried using `redirect' action but
> it was not successful because of asynchronous mode (Ajax).
> My question is .. how can I send a response back to the client after
> blocking the request? (with a pop up message to the user with "The data
> you entered is not allowed. Please contact administrator" and then close
> the windows opened.