Re: [mod-security-users] execute a script for all rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] execute a script for all rules
|
From: <az...@po...> - 2024-03-21 12:40:19
|
Hi Hans, you can create a rule in phase 5 (logging) and use WEBSERVER_ERROR_LOG variable for this purpose, see https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-content-WEBSERVER_ERROR_LOG . Check this for an inspiration: https://github.com/azurit/modsecurity-false-positive-report-plugin azurit Citát Franziska Buehler <fra...@gm...>: > Hi Hans! > > To me, it's not clear what you're trying to achieve. > You would probably have to write a new rule that checks whether rules have > matched and therefore the blocking variables inbound or outbound (e.g. > tx.blocking_inbound_anomaly_score) are set. And then you "exec:" and call > your script in this new rule. > You can't test for individual rules, or at least I don't see how that could > work right now. > > Best, > Franziska > # CRS dev-on-duty > > Am Mi., 20. März 2024 um 21:03 Uhr schrieb Hans Mayer via > mod-security-users <mod...@li...>: > >> >> Dear All, >> >> I am using Apache/2.4.57 on Debian with the modsecurity-crs package >> which is Producer ModSecurity for Apache/2.9.3 and Rule Set >> OWASP_CRS/3.3.0 >> >> With self written rules I have the possibility to execute a script with >> the "exec:" statement. >> >> Is there a way to execute a script for all these predefined rules if >> they are triggered ? >> >> >> Kind regards >> >> Hans >> >> -- >> >> >> >> >> >> >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> |
