Re: [mod-security-users] Passing X-Forwarded-For header with setenv
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Passing X-Forwarded-For header with setenv
|
From: Christian F. <chr...@ne...> - 2016-09-11 15:38:23
|
Hello Gryzli, There is a problem with your request. I do not think I understand the situation. On Sun, Sep 11, 2016 at 05:46:49AM +0300, Gryzli Bugbear wrote: > 1) Currently I have rules which are using exec: /some_script.sh in > combination with "setenv" in order to send parameters to the script, by > using the environment variables So you have setenv -> script working? > 2) I need some way to pass a given header (for example: X-Forwarded-For, > but it could be anything else) to my custom script, by using setenv But setenv -> script does not work for X-Forwarded-For? > Is this possible and if 'yes', what is the right way to do it ? Passing variables to scripts is really annoying in ModSec. The execption are lua scripts which turn with full access to the apache environment. When I need a lot of different variables in a non-lua script, I usually assemble them CSV into a TX variable, base64encode the TX variable and call the script with the TX variable as parameter. It's a hack, but much to my own surprise I have such a setup running in a stable way for years now. Cheers, Christian > > Thanks ! > > > Regards, > > Gryzli > > > ------------------------------------------------------------------------------ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ -- https://www.feistyduck.com/training/modsecurity-training-course mailto:chr...@ne... twitter: @ChrFolini |
