Re: [mod-security-users] Add Headers with NGinx and ModSecurity
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Add Headers with NGinx and ModSecurity
|
From: Mikaël P. <mik...@bo...> - 2020-09-17 18:49:48
|
Really ? We can't add a custom response header in Nginx if an env variable
is set in ModSec? Like in the example with Apache:
# In ModSec rules file, define 'ratelimit_limit' env variable
SecRule &TX:IS_API_REQ "@eq 1"
"id:'129793',phase:2,setenv:'ratelimit_limit=%{tx.api_req_counter_max}'"
# In Apache conf, use mod_header to set Header based on that env variable
Header always set X-RateLimit-Limit "%{ratelimit_limit}e"
Le jeu. 17 sept. 2020 à 19:51, Christian Folini <chr...@ne...>
a écrit :
>
> Unfortunately not. NGINX does not even let ModSec inspect the response,
> let alone manipulate it. It's an architecture decision with the webserver.
>
> Christian
>
|
