> I am contemplating this alternative in 1.9.x, since it is not possible to
> link user-defined actions and libraries. I am planning to use redirect as an
> action to URL which is a servlet to execute our program. How can I pass
> parameters to this servlet in the query string? Any hacks? In some cases we
> just have to execute a program, without any params.
> What do you think? I have championed mod-security in our evaluation and
> appreciate your help in succeeding :)

You can do two things:

1. Use an ErrorDocument (look it up in the Apache documentation if
   you're not familiar with it) to have a custom script executed when a
   transaction is rejected.
2. Use the "exec" action to execute a custom external binary when a
   rule is triggered.

Both would allow you to implement custom actions. I prefer 1.

Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
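
An added example for option 1 (not part of the original message and not ModSecurity's own code): a CGI script that Apache would run through a directive such as `ErrorDocument 403 /cgi-bin/blocked.py`. Apache passes the rejected request's URL and query string to the script in `REDIRECT_*` environment variables, so no parameters need to be appended by hand; the script path and log path here are assumptions.

```python
#!/usr/bin/env python3
# Added example: CGI handler for `ErrorDocument 403 /cgi-bin/blocked.py`.
# The script path and LOG_PATH are assumptions, not values from the thread.
import json
import os
import sys
import time

LOG_PATH = "/var/log/apache2/blocked.jsonl"  # hypothetical location
MAX_LEN = 2048  # cap client-controlled fields before they reach the log


def clean(value):
    """Truncate and escape non-printable characters so a request cannot forge log lines."""
    value = (value or "")[:MAX_LEN]
    return "".join(c if c.isprintable() else "\\u%04x" % ord(c) for c in value)


def build_event(env, now=None):
    """Collect what Apache exposes to an ErrorDocument script after the internal redirect."""
    return {
        "time": int(now if now is not None else time.time()),
        "status": clean(env.get("REDIRECT_STATUS")),       # status of the rejected request
        "url": clean(env.get("REDIRECT_URL")),             # originally requested path
        "query": clean(env.get("REDIRECT_QUERY_STRING")),  # original query string
        "client": clean(env.get("REMOTE_ADDR")),
        "user_agent": clean(env.get("HTTP_USER_AGENT")),
    }


def respond(env, out=None, log_path=LOG_PATH):
    """Record the rejected request, then return a generic 403 body."""
    out = sys.stdout if out is None else out
    event = build_event(env)
    try:
        with open(log_path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(event) + "\n")
    except OSError:
        pass  # a logging failure must not change the response
    # Send Status explicitly so the error code reaches the client; echo no request data.
    out.write("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n")
    out.write("Request rejected.\n")
    return event


if __name__ == "__main__":
    respond(os.environ)
```

The custom action (alerting, ticketing, calling another service) would go where the event is written to the log, using only the sanitized fields.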