Re: [mod-security-users] execute a script for all rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] execute a script for all rules
|
From: Hans M. <mo...@ma...> - 2024-03-21 16:23:38
|
Hi azurit, Your suggestion sounds to be ok for me. Where should I place such a rule ? Kind regards Hans -- On 21.03.24 13:20, az...@po... wrote: > Hi Hans, > > you can create a rule in phase 5 (logging) and use WEBSERVER_ERROR_LOG > variable for this purpose, see > https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-content-WEBSERVER_ERROR_LOG > . Check this for an inspiration: > https://github.com/azurit/modsecurity-false-positive-report-plugin > > azurit > > > > Citát Franziska Buehler <fra...@gm...>: > >> Hi Hans! >> >> To me, it's not clear what you're trying to achieve. >> You would probably have to write a new rule that checks whether rules >> have >> matched and therefore the blocking variables inbound or outbound (e.g. >> tx.blocking_inbound_anomaly_score) are set. And then you "exec:" and >> call >> your script in this new rule. >> You can't test for individual rules, or at least I don't see how that >> could >> work right now. >> >> Best, >> Franziska >> # CRS dev-on-duty >> >> Am Mi., 20. März 2024 um 21:03 Uhr schrieb Hans Mayer via >> mod-security-users <mod...@li...>: >> >>> >>> Dear All, >>> >>> I am using Apache/2.4.57 on Debian with the modsecurity-crs package >>> which is Producer ModSecurity for Apache/2.9.3 and Rule Set >>> OWASP_CRS/3.3.0 >>> >>> With self written rules I have the possibility to execute a script with >>> the "exec:" statement. >>> >>> Is there a way to execute a script for all these predefined rules if >>> they are triggered ? >>> >>> >>> Kind regards >>> >>> Hans >>> >>> -- >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> mod-security-users mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >>> http://www.modsecurity.org/projects/commercial/rules/ >>> http://www.modsecurity.org/projects/commercial/support/ >>> > > > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
