Re: [mod-security-users] Custom Headers
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Custom Headers
|
From: Christian F. <chr...@ne...> - 2020-11-18 08:22:05
|
Hey Matt,
I am not very well versed in things NGINX. But it is not as obvious as it
seems.
Conceptually, there are at least two ways here:
(1) Have ModSec access the SSL variable and write it into the msg / logdata
of a rule
(2) Have ModSec access the HTTP request variable and write it into the
msg / logdata of a rule
(3) Dirty hack
Now (2) is blocked as new headers added by the webserver itself are not
accessible from ModSec. At least this is what the situation is on
Apache/ModSec2. It might be different on NGINX, but you ought to try it.
(1) on the other hand is tricky as ModSec needs a way to access the mod_ssl
variables. But as far as I know, this is not implemented.
(3) There is a dirty hack that I sometimes use on Apache: I add stuff via
mod_headers, then I proxy onto the same Apache (different port) and there,
the new header becomes available, then I'm ready to proxy to the backend.
Cheers,
Christian
On Tue, Nov 17, 2020 at 02:04:10PM +0000, Matt Ward wrote:
> I am hoping this is a relatively straight forward question, but I have been struggling with it for some time and cannot find any examples online.
>
> We are using ModSecurity 3.04 with NGINX and trying to get a custom header written to the audit log with every transaction. Essentially, we want to write the $ssl_client_s_dn_cn variable to the audit log which is populated by the users PKI certificate when they login through a reverse proxy. This info is set in a header to available to applications so if you had something similar to:
>
> proxy_set_header ClientUsername $ssl_client_s_dn_cn.
>
> How would you craft a modsec rule to write client username to the audit log?
>
> Thanks in advance,
>
> Matt
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
|
