Re: [Mod-security-developers] API Usage and Descriptions?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] API Usage and Descriptions?
|
From: Jai H. <jai...@mu...> - 2017-12-28 19:50:22
|
Felipe, Thanks for the information. I will most likely have more questions as I continue working on this. Thanks, Jai On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa <FC...@tr...> wrote: > Hi Jai, > > > The idea is to have a transaction for each HTTP request. So, > msc_new_transaction() should be called every time that a new connection is > established. In additional to the ModSecurity v2.x phases, ModSecurity v3 > can also process rules for this additional URI phase. That is after you got > the connection details and before you get the client headers. > > > You can find more details about how to implement a connector in the > Transaction code: > > - https://github.com/SpiderLabs/ModSecurity/blob/ > v3/master/src/transaction.cc > > You may also want to generate the doxygen docs: > $ cd doc ; doxygen doxygen.cfg > > > > Notice that there is no phase on SecRules to hit the uri processing. At > least not yet. We are aiming to support in upcoming versions. > > > > Br., > > *Felipe **“**Zimmerle” Costa * > > Security Researcher, Lead Developer ModSecurity. > > > > *Trustwave* | SMART SECURITY ON DEMAND > > www.trustwave.com > > > ------------------------------ > *From:* Jai Harpalani <jai...@mu...> > *Sent:* Wednesday, December 20, 2017 3:52:27 PM > *To:* mod...@li... > *Subject:* [Mod-security-developers] API Usage and Descriptions? > > > I have an application which already retrieves requests and responses from > "the wire". I'm trying to add modSecurity to check the requests/responses > for WAF errors using: > > msc_process_request_headers(); > msc_process_request_body(); > msc_process_response_headers(); > msc_process_response_body(); > > I don't want WAF to necessarily take any action, just inform the caller if > any problems were found. If this is possible, how is it done? > > Also, not sure what the purpose of the below APIs is for my specific > application. > > msc_new_transaction(); > msc_process_connection(t); > msc_process_uri(); > > I was not able to locate a description of the above APIs. If detailed > descriptions exist, please let me know where they are located. > > Thanks. > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
