Hi Christian,
Thank you for your answer.
Maybe a future evolution?
Have a nice day.
Regards
Claude
________________________________
From: Christian Folini <chr...@ne...>
Sent: Saturday, April 13, 2019 20:41
To: mod...@li...
Subject: Re: [mod-security-users] Problem with message in EventLog
Hi Claude,
You cannot customize it. It's hard coded.
Regards,
Christian
On Sat, Apr 13, 2019 at 09:06:37AM +0000, XXXXXXXXXXXXXX wrote:
> Hello,
>
> I'm using Mod Security 2.9.3 with IIS 10.
>
> It works well but I can’t distinguish the impacted site in the message generated in the EventLog.
>
> Here is an example:
>
> [client x.x.x.x] ModSecurity: Warning. detected XSS using libinjection. [file "C:\/Program Files/ModSecurity IIS/owasp_crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "64"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: <script>alert(\x22Hello! I am an alert box!\x22);</script> found within ARGS:faille: <script>alert(\x22Hello! I am an alert box!\x22);</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "TEST-WEB"] [uri "/verif.php"] [unique_id "18158513699705323522"]
>
> The url is http://test-xss.localdomain
>
> I would rather see [hostname "test-xss.localdomain "] instead of [hostname "TEST-WEB"], where TEST-WEB is the name of the server hosting multiple sites.
>
> I can't find how to customize the EventLog message.
>
> Thanks
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/