Re: [Mod-security-developers] API Usage and Descriptions?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] API Usage and Descriptions?
|
From: Jai H. <jai...@mu...> - 2018-01-02 17:50:08
|
Does mod security use historical information when it applies rules? For example, does mod security know and use information about prior http requests when applying rules to the current one? On Thu, Dec 28, 2017 at 1:21 PM, Jai Harpalani <jai...@mu...> wrote: > Felipe, > > Thanks for the information. I will most likely have more questions as I > continue working on this. > > Thanks, > Jai > > On Fri, Dec 22, 2017 at 8:24 AM, Felipe Costa <FC...@tr...> > wrote: > >> Hi Jai, >> >> >> The idea is to have a transaction for each HTTP request. So, >> msc_new_transaction() should be called every time that a new connection is >> established. In additional to the ModSecurity v2.x phases, ModSecurity v3 >> can also process rules for this additional URI phase. That is after you got >> the connection details and before you get the client headers. >> >> >> You can find more details about how to implement a connector in the >> Transaction code: >> >> - https://github.com/SpiderLabs/ModSecurity/blob/v3/master/ >> src/transaction.cc >> >> You may also want to generate the doxygen docs: >> $ cd doc ; doxygen doxygen.cfg >> >> >> >> Notice that there is no phase on SecRules to hit the uri processing. At >> least not yet. We are aiming to support in upcoming versions. >> >> >> >> Br., >> >> *Felipe **“**Zimmerle” Costa * >> >> Security Researcher, Lead Developer ModSecurity. >> >> >> >> *Trustwave* | SMART SECURITY ON DEMAND >> >> www.trustwave.com >> >> >> ------------------------------ >> *From:* Jai Harpalani <jai...@mu...> >> *Sent:* Wednesday, December 20, 2017 3:52:27 PM >> *To:* mod...@li... >> *Subject:* [Mod-security-developers] API Usage and Descriptions? >> >> >> I have an application which already retrieves requests and responses from >> "the wire". I'm trying to add modSecurity to check the requests/responses >> for WAF errors using: >> >> msc_process_request_headers(); >> msc_process_request_body(); >> msc_process_response_headers(); >> msc_process_response_body(); >> >> I don't want WAF to necessarily take any action, just inform the caller >> if any problems were found. If this is possible, how is it done? >> >> Also, not sure what the purpose of the below APIs is for my specific >> application. >> >> msc_new_transaction(); >> msc_process_connection(t); >> msc_process_uri(); >> >> I was not able to locate a description of the above APIs. If detailed >> descriptions exist, please let me know where they are located. >> >> Thanks. >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php >> > > |
