Re: [mod-security-users] Add Headers with NGinx and ModSecurity
From: Mikaël P. <mik...@bo...> - 2020-09-18 13:38:50
I succeeded using NGinx Lua module.
In my modsec conf:

    SecRule TX:IS_API_REQ "@eq 1" \
        "id:6,\
        phase:1,\
        pass,\
        nolog,\
        setenv:'ratelimit_limit=%{tx.api_req_counter_max}',\
        setenv:'ratelimit_counter=%{session.api_req_counter}',\
        setenv:'ratelimit_reset=%{session.api_req_counter__expire_timestamp}'"

Nginx Conf:

    ...
    location /api/ {
        set_by_lua $ratelimit_limit 'return os.getenv("ratelimit_limit")';
        set_by_lua $ratelimit_remaining 'return os.getenv("ratelimit_limit") - os.getenv("ratelimit_counter")';
        set_by_lua $ratelimit_reset 'return os.getenv("ratelimit_reset")';
        add_header X-RateLimit-Limit "$ratelimit_limit";
        add_header X-RateLimit-Remaining "$ratelimit_remaining";
        add_header X-RateLimit-Reset "$ratelimit_reset";
        ...
    }
    ...

On Fri, 18 Sep 2020 at 09:53, Christian Folini <chr...@ne...> wrote:
> On Fri, Sep 18, 2020 at 09:11:11AM +0430, Ehsan Mahdavi wrote:
> > Hi
> >
> > You can use nginx directives to add headers like nginx directive
> > add_header.
>
> Oops. I thought this was not possible, but now I realize I was thinking of
> the response body. Of course I was wrong.
>
> Sorry for the misinformation on my behalf. I'm too much of an Apache
> person.
>
> Christian
>
>
> >
> > I personally recommend using extra module headers-more. It can be found here
> >
> > https://github.com/openresty/headers-more-nginx-module
> >
> > On Thu, Sep 17, 2020, 21:37 Mikaël Pirio <mik...@bo...>
> > wrote:
> >
> > > Hello,
> > >
> > > I use libModSecurity 3.0.3 and I would like to know if we can add
> > > responses headers (with nginx) like we can do with Apache (use `setenv` in
> > > rule and use this env variable in Apache config) ?
> > >
> > > Thanks,
> > > _______________________________________________
> > > mod-security-users mailing list
> > > mod...@li...
> > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > > http://www.modsecurity.org/projects/commercial/rules/
> > > http://www.modsecurity.org/projects/commercial/support/
> > >
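
A more defensive variant of the location block from the first message, added here as an example and not part of the thread. It assumes, as that message does, that the lua-nginx-module is loaded and that the values set by the rule are readable through os.getenv(); it guards against missing values, keeps the remaining count from going negative, and sends the headers on error responses too.

```nginx
location /api/ {
    # Limit: emit only when the rule set a numeric value.
    # An empty string makes add_header skip the header entirely.
    set_by_lua_block $ratelimit_limit {
        local limit = tonumber(os.getenv("ratelimit_limit"))
        return limit and string.format("%d", limit) or ""
    }

    # Remaining: os.getenv() returns nil when the variable is absent, and
    # arithmetic on nil raises a Lua error, so convert and check first.
    set_by_lua_block $ratelimit_remaining {
        local limit   = tonumber(os.getenv("ratelimit_limit"))
        local counter = tonumber(os.getenv("ratelimit_counter"))
        if not limit or not counter then
            return ""
        end
        -- Clamp at zero so a counter past the limit is never shown as negative.
        return string.format("%d", math.max(limit - counter, 0))
    }

    # Reset: expiry timestamp of the session counter, if present.
    set_by_lua_block $ratelimit_reset {
        local reset = tonumber(os.getenv("ratelimit_reset"))
        return reset and string.format("%d", reset) or ""
    }

    # "always" adds the headers to error responses as well (for example 429);
    # without it add_header only applies to a fixed set of 2xx/3xx status codes.
    add_header X-RateLimit-Limit     $ratelimit_limit     always;
    add_header X-RateLimit-Remaining $ratelimit_remaining always;
    add_header X-RateLimit-Reset     $ratelimit_reset     always;
}
```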