[mod-security-users] ModSecurity phase timing
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] ModSecurity phase timing
|
From: Gregory L. <gr...@cl...> - 2018-03-21 03:19:24
|
Hello,
Is access to phase timing known to work in ModSecurity 3.x with Nginx?
For example, should I be able to write a SecAction in phase:5 to
log PERF_PHASE2, or PERF_ALL, etc.?
I'm using an earlier version of Nginx, and I have such rules, and lines for
them do, in fact, show up in the log, but without the performance
information. For example, this (which I include in
RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf):
SecAction "id:90110, phase:5, pass, t:none, log, noauditlog, msg:'PERF_ALL:
%{PERF_ALL}'"
shows up in the log as:
... [id "90110"] [rev ""] [msg "PERF_ALL: "] [data ""] [severity "0"] [ver
""] [maturity "0"] [accuracy "0"] ...
Just curious whether this should be considered possible now or whether
anyone already may have had success doing so.
Thank you,
Gregory
|
