Re: [mod-security-users] execute a script for all rules
From: Hans M. <mo...@ma...> - 2024-03-22 13:17:06
Many thanks. I understand this rule at the end of Apache config is available for all virtual servers.

// Hans

--

On 21.03.24 18:59, az...@po... wrote:
> It doesn't matter much where you put it, as long as it goes AFTER
> mod_security is loaded, for example at the end of apache2.conf .
>
> Quoting Hans Mayer <mo...@ma...>:
>
>> Hi azurit,
>>
>> Your suggestion sounds ok to me.
>>
>> Where should I place such a rule ?
>>
>> Kind regards
>>
>> Hans
>>
>> --
>>
>> On 21.03.24 13:20, az...@po... wrote:
>>> Hi Hans,
>>>
>>> you can create a rule in phase 5 (logging) and use the
>>> WEBSERVER_ERROR_LOG variable for this purpose, see
>>> https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-content-WEBSERVER_ERROR_LOG
>>> . Check this for inspiration:
>>> https://github.com/azurit/modsecurity-false-positive-report-plugin
>>>
>>> azurit
>>>
>>> Quoting Franziska Buehler <fra...@gm...>:
>>>
>>>> Hi Hans!
>>>>
>>>> To me, it's not clear what you're trying to achieve.
>>>> You would probably have to write a new rule that checks whether
>>>> rules have matched and therefore the blocking variables inbound
>>>> or outbound (e.g. tx.blocking_inbound_anomaly_score) are set.
>>>> And then you "exec:" and call your script in this new rule.
>>>> You can't test for individual rules, or at least I don't see how
>>>> that could work right now.
>>>>
>>>> Best,
>>>> Franziska
>>>> # CRS dev-on-duty
>>>>
>>>> On Wed, 20 March 2024 at 21:03, Hans Mayer via
>>>> mod-security-users <mod...@li...> wrote:
>>>>
>>>>> Dear All,
>>>>>
>>>>> I am using Apache/2.4.57 on Debian with the modsecurity-crs package
>>>>> which is Producer ModSecurity for Apache/2.9.3 and Rule Set
>>>>> OWASP_CRS/3.3.0
>>>>>
>>>>> With self-written rules I have the possibility to execute a script
>>>>> with the "exec:" statement.
>>>>>
>>>>> Is there a way to execute a script for all these predefined rules if
>>>>> they are triggered ?
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Hans
>>>>>
>>>>> --
>>>>>
>>>>> _______________________________________________
>>>>> mod-security-users mailing list
>>>>> mod...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>>>>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>>>>> http://www.modsecurity.org/projects/commercial/rules/
>>>>> http://www.modsecurity.org/projects/commercial/support/
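
The approach discussed in this thread (a phase 5 rule on WEBSERVER_ERROR_LOG that calls "exec:"), written out as a configuration sketch. It is an added example, not taken from any message in the thread or from the linked plugin; the rule id, the script path and the `ModSecurity:` match string are assumptions.

```apache
# Added example, not from the thread. Place it after mod_security2 and the
# CRS includes are loaded, e.g. at the end of apache2.conf.
#
# Phase 5 (logging) runs once per transaction, after all other phases.
# WEBSERVER_ERROR_LOG holds the error-log messages the web server produced
# for the current transaction.
# Assumption: alerts raised by ModSecurity rules show up there with the
# "ModSecurity:" prefix, so matching on that prefix covers every rule that
# logged an alert, including the predefined CRS rules.
#
# The id and the script path below are hypothetical placeholders.
# exec calls the script with no arguments; transaction details are passed
# in environment variables. The script must write something to stdout,
# otherwise ModSecurity records the call as failed.
SecRule WEBSERVER_ERROR_LOG "@contains ModSecurity:" \
    "id:1000001,\
    phase:5,\
    pass,\
    t:none,\
    nolog,\
    exec:/usr/local/bin/modsec-alert-hook.sh"
```

The script is started once for every transaction that logged an alert, so it should return quickly and hand any slow work (mail, tickets, API calls) to a queue.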