Re: [mod-security-users] ModSecurity phase timing
From: Felipe C. <FC...@tr...> - 2018-03-23 13:14:20
Hi Gregory,

Indeed, the PERF_ related variables are not supported in v3. The reason for that is the fact that you can use Linux instrumentation to measure those performance numbers with better accuracy, as the PERF generation itself was already impacting the performance.

For further info, please have a look here:
https://github.com/SpiderLabs/ModSecurity/issues/1011

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com<http://www.trustwave.com/>

From: Gregory LeFevre <gr...@cl...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Wednesday, March 21, 2018 at 12:21 AM
To: "mod...@li..." <mod...@li...>
Subject: [mod-security-users] ModSecurity phase timing

Hello,

Is access to phase timing known to work in ModSecurity 3.x with Nginx? For example, should I be able to write a SecAction in phase:5 to log PERF_PHASE2, or PERF_ALL, etc.?

I'm using an earlier version of Nginx, and I have such rules, and lines for them do, in fact, show up in the log, but without the performance information. For example, this (which I include in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf):

SecAction "id:90110, phase:5, pass, t:none, log, noauditlog, msg:'PERF_ALL: %{PERF_ALL}'"

shows up in the log as:

... [id "90110"] [rev ""] [msg "PERF_ALL: "] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] ...

Just curious whether this should be considered possible now or whether anyone already may have had success doing so.

Thank you,
Gregory