Re: [mod-security-users] execute a script for all rules
From: <az...@po...> - 2024-03-21 18:00:12
It doesn't really matter where you put it, as long as it goes AFTER mod_security is loaded, for example at the end of apache2.conf.

Quoting Hans Mayer <mo...@ma...>:

> Hi azurit,
>
> Your suggestion sounds OK to me.
>
> Where should I place such a rule?
>
> Kind regards
>
> Hans
>
> On 21.03.24 13:20, az...@po... wrote:
>> Hi Hans,
>>
>> you can create a rule in phase 5 (logging) and use the
>> WEBSERVER_ERROR_LOG variable for this purpose, see
>> https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-content-WEBSERVER_ERROR_LOG .
>> Check this for inspiration:
>> https://github.com/azurit/modsecurity-false-positive-report-plugin
>>
>> azurit
>>
>> Quoting Franziska Buehler <fra...@gm...>:
>>
>>> Hi Hans!
>>>
>>> To me, it's not clear what you're trying to achieve.
>>> You would probably have to write a new rule that checks whether rules have
>>> matched and therefore the blocking variables inbound or outbound (e.g.
>>> tx.blocking_inbound_anomaly_score) are set. And then you "exec:" and call
>>> your script in this new rule.
>>> You can't test for individual rules, or at least I don't see how that could
>>> work right now.
>>>
>>> Best,
>>> Franziska
>>> # CRS dev-on-duty
>>>
>>> On Wed, 20 March 2024 at 21:03, Hans Mayer via
>>> mod-security-users <mod...@li...> wrote:
>>>
>>>> Dear All,
>>>>
>>>> I am using Apache/2.4.57 on Debian with the modsecurity-crs package
>>>> which is Producer ModSecurity for Apache/2.9.3 and Rule Set
>>>> OWASP_CRS/3.3.0
>>>>
>>>> With self-written rules I have the possibility to execute a script with
>>>> the "exec:" statement.
>>>>
>>>> Is there a way to execute a script for all these predefined rules if
>>>> they are triggered?
>>>>
>>>> Kind regards
>>>>
>>>> Hans
>>>>
>>>> _______________________________________________
>>>> mod-security-users mailing list
>>>> mod...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>>>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>>>> http://www.modsecurity.org/projects/commercial/rules/
>>>> http://www.modsecurity.org/projects/commercial/support/
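
One way to write the rule discussed in this thread (a phase 5 rule that checks the CRS anomaly scores and calls a script through "exec:"), as an added example that is not from any of the posters. Assumptions: the rule ids, the MODSEC_* environment variable names and the script path are hypothetical, and the TX variable names are those of CRS 3.x, the version the original poster runs; other CRS versions name them differently.

```apache
# Added example, not from the thread. Hypothetical: rule ids 100100/100101,
# the MODSEC_* variable names and the script path. The TX score variables
# are the CRS 3.x names; adjust them for other CRS versions.
#
# Place this after mod_security is loaded, e.g. at the end of apache2.conf.

# Inbound: runs once per transaction in the logging phase when the request
# anomaly score accumulated by the CRS rules has reached the threshold.
# Using "@gt 0" instead would fire for any scored rule match.
SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
    "id:100100,\
    phase:5,\
    pass,\
    t:none,\
    nolog,\
    setenv:MODSEC_DIRECTION=inbound,\
    setenv:MODSEC_SCORE=%{tx.anomaly_score},\
    exec:/usr/local/bin/modsec-notify.sh"

# Outbound: same check against the response anomaly score.
SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
    "id:100101,\
    phase:5,\
    pass,\
    t:none,\
    nolog,\
    setenv:MODSEC_DIRECTION=outbound,\
    setenv:MODSEC_SCORE=%{tx.outbound_anomaly_score},\
    exec:/usr/local/bin/modsec-notify.sh"
```

ModSecurity v2 calls the script with no arguments and expects it to write something to stdout. The script runs under the web server's account on every matching transaction, so keep it short and treat the request-derived environment variables as untrusted input.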