Re: [mod-security-users] Variable that holds scheme
From: Ehsan M. <ehs...@gm...> - 2022-04-16 05:44:17
Hi Arlen,

the HSTS is not always there (even while using https). Forcing it will impose restrictions on the problem. Using it means forcing https, which might not always be desirable.

The REQUEST_URI_RAW, as I've mentioned in previous emails, doesn't do the job. I've tried that and it's not guaranteed to always contain http(s).

On Fri, Apr 15, 2022 at 11:02 PM Arlen Walker <pu...@ar...> wrote:

> Just a couple of thoughts:
>
> You could try looking for the request header for HSTS
> (Strict-Transport-Security). Won’t catch all browsers, but if you use it on
> your server it’ll catch most of them. (And why wouldn’t you use it?)
>
> Doesn’t REQUEST_URI_RAW work for this? I thought it gave the full URI as a
> text string.
>
>
> Have fun,
> Arlen
>
> On Apr 14, 2022, at 3:12 AM, Ehsan Mahdavi <ehs...@gm...>
> wrote:
>
>
> Hi ervin,
>
> The env.ssl_cipher or sth like that sounds good, if it works in Nginx.
> I'll try that and get back to you.
>
> On Wed, Apr 13, 2022 at 3:51 PM Ervin Hegedüs <ai...@gm...> wrote:
>
>> Hi there,
>>
>> On Wed, Apr 13, 2022 at 12:04:39PM +0100, Andrew Howe wrote:
>> >
>> > What are you trying to achieve? Are you trying to answer the question
>> > "did this request come in as plain text HTTP or has TLS termination
>> > been performed", and then treat the two cases differently?
>>
>> may be (the official poster) should try the ENV variable:
>>
>> https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#ENV
>>
>> See the example:
>>
>> # Reading an environment variable from other Apache module (mod_ssl)
>> SecRule TX:ANOMALY_SCORE "@gt 0" "phase:5,id:16,msg:'%{env.ssl_cipher}'"
>>
>>
>> and the comment below:
>>
>> Note : Use setenv to set environment variables to be accessed by Apache.
>>
>>
>> As I know, ENV works in libmodsecurity too, but I have no idea
>> how can it set through Nginx (if the server is it).
>>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>

--
regards
Ehsan Mahdavi
Computer Engineering Ph.D.