Re: [mod-security-users] Variable that holds scheme

[Ehsan M. <ehs...@gm...>]

Hi Andrew

Yes, I am trying to answer the question, but not to treat them differently.
I just need to log the scheme in the Modsecurity Audit log.
I have tried different variables like REQUEST_URI
<https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#REQUEST_URI>
, REQUEST_URI_RAW
<https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#REQUEST_URI_RAW>
and
etc. none of them contain the scheme!


On Wed, Apr 13, 2022 at 3:38 PM Andrew Howe <and...@lo...>
wrote:

> Hi Ehsan,
>
> > This question might look basic, but I could not find the variable that
> holds or contains the (http|https) scheme.
>
> Where are you trying to pull the scheme from? The scheme isn't
> typically* transmitted in an HTTP request.
>
> A URL will usually be broken up into an HTTP request line and a Host
> header, which usually looks something like:
>
>     GET /docs/ HTTP/2
>     Host: coreruleset.org
>
> No scheme/protocol.
>
> What are you trying to achieve? Are you trying to answer the question
> "did this request come in as plain text HTTP or has TLS termination
> been performed", and then treat the two cases differently?
>
> Thanks,
> Andrew
>
>
> *You may find request lines containing a full 'absolute URI' which
> includes the scheme, for example with a proxy server.
> --
>
> Andrew Howe
> Loadbalancer.org Ltd.
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>


-- 
                        regards
                  Ehsan Mahdavi
         Computer Engineering Ph.D.
               CEO at aspaco.org
         http://emahdavi.ece.iut.ac.ir/