Thread: [mod-security-users] custom 403 page with
Brought to you by:
victorhora,
zimmerletw
From: Terry <te...@bl...> - 2010-02-14 19:17:05
|
I have a custom error page but I would like to set up this as per the config file You should also add # mod_unique_id to your configuration and display the unique # request ID on the error page. This would allow your users to # report the request ID back to you so that you can investigate What is the best plan get the id to display in the error page. ( Apache/2.2 ) The plan is then to use SecRuleRemoveById incase I have any false positives. Thanks Terry |
From: Jamuse <ja...@gm...> - 2010-02-14 21:37:50
|
On Sun, Feb 14, 2010 at 9:16 PM, Terry <te...@bl...> wrote: > I have a custom error page but I would like to set up this as per the > config file > > You should also add > # mod_unique_id to your configuration and display the unique > # request ID on the error page. This would allow your users to > # report the request ID back to you so that you can investigate > > What is the best plan get the id to display in the error page. ( > Apache/2.2 ) > You can include the unique id by referencing the REDIRECT_UNIQUE_ID environment variable ($_SERVER["REDIRECT_UNIQUE_ID") in your custom 403 error message. - J |
From: Brian R. <Bri...@br...> - 2010-02-15 08:04:39
|
Jamuse wrote: > > > On Sun, Feb 14, 2010 at 9:16 PM, Terry <te...@bl... > <mailto:te...@bl...>> wrote: > > I have a custom error page but I would like to set up this as per the > config file > > You should also add > # � � �mod_unique_id to your configuration and display the unique > # � � �request ID on the error page. This would allow your users to > # � � �report the request ID back to you so that you can investigate > > What is the best plan get the id to display in the error page. ( > Apache/2.2 ) > > > You can include the unique id by referencing the REDIRECT_UNIQUE_ID > environment variable ($_SERVER["REDIRECT_UNIQUE_ID") in your custom 403 > error message. I think maybe you mixed up the unique (transaction) ID and the rule ID? I would not add the rule ID, but you can add pretty much anything by exporting to the environment via the setenv action. setenv:'MSC_DATA=some text and the %{ENV.UNIQUE_ID}' Then use REDIRECT_MSC_DATA in the error page. -B -- Brian Rectanus Breach Security |