Re: [mod-security-users] ModSecurity phase timing
From: Felipe Z. <fe...@zi...> - 2018-03-26 16:46:01
Hi,

https://github.com/SpiderLabs/ModSecurity/blob/v3/master/headers/modsecurity/transaction.h#L481-L485

Contains the id of the transaction along with all the information that you may need to know about it. There are other means to read "timing", no need to use performance variables for that.

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#DURATION

Br.,
Felipe.

On Mon, Mar 26, 2018 at 1:16 PM Robert Paprocki <rpa...@fe...> wrote:

> Yes but how do you correlate this to a specific, known request?
>
> And what is to be done with rulesets that rely on phase timing data? Are
> they unsupported forever?
>
> On Mar 26, 2018, at 08:52, Felipe Costa <FC...@tr...> wrote:
>
> > Hi,
> >
> > > On 3/23/18, 5:29 PM, "Christian Folini" <chr...@ne...> wrote:
> > >
> > > Hey Zimmerle,
> > >
> > > That makes sense, but I think it does not hold up when you look closer.
> >
> > Why do you think so?
> >
> > > Correct me if I am wrong, but correlating stap with an individual request
> > > is much more difficult than saving the perf-data out of ModSec directly
> > > into the access-log (Apache / ModSec 2.9) or error-log (NGINX / ModSec 3.0).
> >
> > IMHO it is easy as there is no file to be parsed.
> >
> > (…)
> >
> > Br.,
> > Felipe “Zimmerle” Costa
> > Security Researcher, Lead Developer ModSecurity.
> > Trustwave | SMART SECURITY ON DEMAND
> > www.trustwave.com <http://www.trustwave.com/>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/