[mod-security-users] ModSecurity Example Lua Rule
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <bre...@gm...> - 2010-08-13 15:43:13
|
All, I was going through some old ModSecurity examples I had and came across an old Lua example I was working on. I am attaching it here if anyone finds it useful. The script implements a sort of crude way to detect session hijacking, but mostly it serves as an example of how Lua can be used with ModSecurity to extend the concept of persistence. This example uses a sqlite DB to store data about sessions. One of the reasons this was never released is because it illustrated some problems with the Lua implementation in ModSecurity. There needs to be a mechanism to allow Lua rules to run some initialization code without having to do it every time (ie load some constants/config, create DB handles, create DB schemas if not yet done, etc). These are all items I planned to implement before I left, but they never happened. Anyhow, please use the example however you want. Ryan, please consider adding it (or something similar) to the docs. later, -B |