Re: [Mod-security-developers] Finding triggered RuleIds
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Finding triggered RuleIds
|
From: Ervin H. <ai...@gm...> - 2019-03-21 15:28:53
|
Hi Jai, once upon I've discussed about this with @zimmerle, and he helped me with this links: https://github.com/SpiderLabs/ModSecurity/blob/1ecd9713061c3534626bf6a5f59d1c928c0c52bb/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h#L141-L142 https://github.com/SpiderLabs/ModSecurity/blob/f77db2cc2eff4808ad59118f1a11baea8f849b04/headers/modsecurity/modsecurity.h#L242-L267 https://github.com/SpiderLabs/ModSecurity/blob/ad28de4f14e47d3c6b479a1d043f2bd0b7a17706/headers/modsecurity/rule_message.h You can set up a log callbck function, which will got a structure, and you don't need to parse the logfile. Try this and let me know what you got. a. On Thu, Mar 21, 2019 at 3:29 PM Jai Harpalani via mod-security-developers < mod...@li...> wrote: > We are integrating ModSecurity into our product as a library, and using it > to evaluate owasp crs rules. > > For anyone else doing this, can you explain how your calling code is > determining which ruleId(s) were triggered as a result of > calling processRequestHeaders(), processRequestBody(), > processResponseHeaders(), processResponseBody()? > > Curious how this is being done in ModSec 3.0.2 and if it is done > differently with version 3.0.3. > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
