Re: [mod-security-users] 回复： Variable that holds scheme

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear huiming, hi

Do you think that there is variable in the config or do you suggest editing
the source codes?

On Fri, Apr 15, 2022 at 6:28 AM huiming via mod-security-users <
mod...@li...> wrote:

>
>
> seems scheme can be get  from ngx_http_request_s->schema
>
>
> ------------------ 原始邮件 ------------------
> *发件人:* "huiming" <877...@qq...>;
> *发送时间:* 2022年4月15日(星期五) 上午9:01
> *收件人:* "mod-security-users"<mod...@li...>;
> *主题:* 回复： [mod-security-users] Variable that holds scheme
>
> seems https://github.com/SpiderLabs/ModSecurity-nginx does not copy
> scheme from nginx to modsecurity.
>
> so mod can not get it.
>
>
> ------------------ 原始邮件 ------------------
> *发件人:* "mod-security-users" <ehs...@gm...>;
> *发送时间:* 2022年4月14日(星期四) 下午4:37
> *收件人:* "mod-security-users"<mod...@li...>;
> *主题:* Re: [mod-security-users] Variable that holds scheme
>
> Hi Andrew
>
> Yes, I am trying to answer the question, but not to treat them
> differently. I just need to log the scheme in the Modsecurity Audit log.
> I have tried different variables like REQUEST_URI
> <https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#REQUEST_URI>,
> REQUEST_URI_RAW
> <https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#REQUEST_URI_RAW> and
> etc. none of them contain the scheme!
>
>
> On Wed, Apr 13, 2022 at 3:38 PM Andrew Howe <and...@lo...>
> wrote:
>
>> Hi Ehsan,
>>
>> > This question might look basic, but I could not find the variable that
>> holds or contains the (http|https) scheme.
>>
>> Where are you trying to pull the scheme from? The scheme isn't
>> typically* transmitted in an HTTP request.
>>
>> A URL will usually be broken up into an HTTP request line and a Host
>> header, which usually looks something like:
>>
>>     GET /docs/ HTTP/2
>>     Host: coreruleset.org
>>
>> No scheme/protocol.
>>
>> What are you trying to achieve? Are you trying to answer the question
>> "did this request come in as plain text HTTP or has TLS termination
>> been performed", and then treat the two cases differently?
>>
>> Thanks,
>> Andrew
>>
>>
>> *You may find request lines containing a full 'absolute URI' which
>> includes the scheme, for example with a proxy server.
>> --
>>
>> Andrew Howe
>> Loadbalancer.org Ltd.
>> www.loadbalancer.org
>> +1 888 867 9504 / +44 (0)330 380 1064
>>
>>
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> http://www.modsecurity.org/projects/commercial/rules/
>> http://www.modsecurity.org/projects/commercial/support/
>>
>
>
> --
>                         regards
>                   Ehsan Mahdavi
>          Computer Engineering Ph.D.
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>

-- 
                        regards
                  Ehsan Mahdavi
         Computer Engineering Ph.D.