[Mod-security-developers] Question regarding calls to serverLog()
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] Question regarding calls to serverLog()
|
From: Jai H. <jai...@mu...> - 2019-02-21 00:03:57
|
We are integrating ModSecurity into our product as a library, and using it to evaluate owasp crs rules. With version 3.0.2, all was working relatively well. With version 3.0.3, we are encountering problems. Details below. We invoke setServerLogCb(ourCallbackMethod) and expect that ourCallbackMethod() will be invoked whenever a rule is triggered. This is the only way we know a rule has triggered, and this was working with version 3.0.2. With 3.0.3, this scheme does not work for all rules. Looking at the code in rule.cc, I notice that logic surrounding the invocation of trans->serverLog() which eventually invokes ourCallbackMethod() has changed. Due to these changes, ourCallbackMethod() is not called for all rules. First question: Why were these changes made, and can they be reverted? Second question: Are there other ways for our product-specific code to know that a rule has been triggered along with all the information in modsecurity::RuleMessage? In other words, are there any other hooks into ModSecurity that our product-specific code can use to get this information? BTW, I am seeing a 2x speedup with version 3.0.3 vs 3.0.2 which is great. Good job on making ModSecurity more performant! |
