[mod-security-users] 回复: 回复: Variable that holds scheme
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] 回复: 回复: Variable that holds scheme
|
From: <877...@qq...> - 2022-04-16 05:59:44
|
I had try to search for scheme, but not found. only method as I know is to change method, to copy schema info above to modsecurity's transaction ------------------ 原始邮件 ------------------ 发件人: "mod-security-users" <ehs...@gm...>; 发送时间: 2022年4月15日(星期五) 晚上9:42 收件人: "mod-security-users"<mod...@li...>; 主题: Re: [mod-security-users] 回复: Variable that holds scheme Dear huiming, hi Do you think that there is variable in the config or do you suggest editing the source codes? On Fri, Apr 15, 2022 at 6:28 AM huiming via mod-security-users <mod...@li...> wrote: seems scheme can be get from ngx_http_request_s->schema ------------------ 原始邮件 ------------------ 发件人: "huiming" <877...@qq...>; 发送时间: 2022年4月15日(星期五) 上午9:01 收件人: "mod-security-users"<mod...@li...>; 主题: 回复: [mod-security-users] Variable that holds scheme seems https://github.com/SpiderLabs/ModSecurity-nginx does not copy scheme from nginx to modsecurity. so mod can not get it. ------------------ 原始邮件 ------------------ 发件人: "mod-security-users" <ehs...@gm...>; 发送时间: 2022年4月14日(星期四) 下午4:37 收件人: "mod-security-users"<mod...@li...>; 主题: Re: [mod-security-users] Variable that holds scheme Hi Andrew Yes, I am trying to answer the question, but not to treat them differently. I just need to log the scheme in the Modsecurity Audit log. I have tried different variables like REQUEST_URI, REQUEST_URI_RAW and etc. none of them contain the scheme! On Wed, Apr 13, 2022 at 3:38 PM Andrew Howe <and...@lo...> wrote: Hi Ehsan, > This question might look basic, but I could not find the variable that holds or contains the (http|https) scheme. Where are you trying to pull the scheme from? The scheme isn't typically* transmitted in an HTTP request. A URL will usually be broken up into an HTTP request line and a Host header, which usually looks something like: GET /docs/ HTTP/2 Host: coreruleset.org No scheme/protocol. What are you trying to achieve? Are you trying to answer the question "did this request come in as plain text HTTP or has TLS termination been performed", and then treat the two cases differently? Thanks, Andrew *You may find request lines containing a full 'absolute URI' which includes the scheme, for example with a proxy server. -- Andrew Howe Loadbalancer.org Ltd. www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064 _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ -- regards Ehsan Mahdavi Computer Engineering Ph.D. _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ -- regards Ehsan Mahdavi Computer Engineering Ph.D. |
