Re: [mod-security-users] Variable that holds scheme
From: Andrew H. <and...@lo...> - 2022-04-15 16:24:30
Hi Ehsan,

Something that only just occurred to me: can you not infer the scheme
from the destination port in the audit logs? E.g.:

---YERQU2yt---A--
[15/Apr/2022:16:04:31 +0000] 1650038671 172.20.0.1 44940 172.20.0.3 80

An example of a plain text HTTP request (note port 80 at the very end
of the line).

You could also maybe make use of ModSecurity's SERVER_PORT variable
and do something with that (see
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#server_port).

It's also fairly common practice for reverse proxies to add the
request header "X-Forwarded-Proto", set to either "http" or "https",
when TLS/SSL termination is involved. Maybe you could instruct Nginx
to add such a header (although I don't know how the order of execution
works in Nginx: it might add headers _after_ giving the request to
ModSecurity, so that might not work.)

You could also, if absolutely necessary, put a reverse proxy in front
of your Nginx instance (maybe even just define an Nginx proxy), and
have *that* proxy insert an "X-Forwarded-Proto" header which would
then be passed to your ModSecurity instance. That's probably the
least-good solution, though.

Thanks,
Andrew
--
Andrew Howe
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
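A way to apply the two signals Andrew describes to a serial-format audit log, as an added example that is not part of the original thread: it reads part A of each transaction for the destination port and part B for an X-Forwarded-Proto header, then infers the scheme from the header first and the port second. The port-to-scheme table and the sample log entries (beyond the port-80 line quoted above) are assumptions constructed for the example.

```python
import re

# Part delimiter as ModSecurity writes it, e.g. "---YERQU2yt---A--" (boundary + part letter).
PART_HEADER = re.compile(r"^-+(?P<boundary>[A-Za-z0-9@]+)-+(?P<part>[A-Z])--$")
# Part A summary line: "[timestamp] unique_id src_ip src_port dst_ip dst_port".
PART_A = re.compile(r"^\[[^\]]+\]\s+(?P<uid>\S+)\s+\S+\s+\d+\s+\S+\s+(?P<dport>\d+)$")
# Request header in part B that a TLS-terminating proxy may add (value "http" or "https").
FORWARDED_PROTO = re.compile(r"^x-forwarded-proto:\s*(https?)\s*$", re.IGNORECASE)
# Which ports carry TLS is a deployment assumption (constructed here), not a protocol rule.
PORT_SCHEME = {80: "http", 8080: "http", 443: "https", 8443: "https"}

def parse_audit_log(text):
    """Yield one dict per transaction: unique_id, destination port and inferred scheme."""
    records, current = {}, None
    for line in text.splitlines():
        if m := PART_HEADER.match(line):
            current = (m["boundary"], m["part"])
            records.setdefault(m["boundary"], {})
        elif current and line:
            rec, part = records[current[0]], current[1]
            if part == "A" and (a := PART_A.match(line)):
                rec.update(uid=a["uid"], dport=int(a["dport"]))
            elif part == "B" and (h := FORWARDED_PROTO.match(line)):
                rec["forwarded"] = h[1].lower()
    for rec in records.values():
        # The proxy header wins; the port is the fallback when no proxy is involved.
        rec["scheme"] = rec.get("forwarded") or PORT_SCHEME.get(rec.get("dport"))
        yield rec

# Constructed sample: the page's port-80 transaction, a direct TLS one, and a request
# reaching a plain backend port behind a proxy that set X-Forwarded-Proto.
SAMPLE = """\
---YERQU2yt---A--
[15/Apr/2022:16:04:31 +0000] 1650038671 172.20.0.1 44940 172.20.0.3 80
---YERQU2yt---Z--
---AbCdEf01---A--
[15/Apr/2022:16:05:02 +0000] 1650038702 172.20.0.1 44952 172.20.0.3 443
---AbCdEf01---Z--
---GhIjKl02---A--
[15/Apr/2022:16:05:40 +0000] 1650038740 172.20.0.1 44960 172.20.0.3 8000
---GhIjKl02---B--
POST /api HTTP/1.1
X-Forwarded-Proto: https
---GhIjKl02---Z--
"""

def schemes(text=SAMPLE):
    """Map each transaction's unique_id to its inferred scheme (None when undecidable)."""
    return {rec["uid"]: rec["scheme"] for rec in parse_audit_log(text)}
```

A transaction on an unlisted port with no X-Forwarded-Proto header yields None, which is the case where only SERVER_PORT or a proxy-added header can settle the question.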