mod-security-users Mailing List for ModSecurity (Page 7)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Just a couple of thoughts:

You could try looking for the request header for HSTS (Strict-Transport-Security). Won’t catch all browsers, but if you use it on your server it’ll catch most of them. (And why wouldn’t you use it?)

Doesn’t REQUEST_URI_RAW work for this? I thought it gave the full URI as a text string.

Have fun,
Arlen

> On Apr 14, 2022, at 3:12 AM, Ehsan Mahdavi <ehs...@gm...> wrote:
> 
> 
> Hi ervin,
> 
> The env.ssl_cipher or sth like that sounds good, if it works in Nginx. I'll try that and get back to you.
> 
>> On Wed, Apr 13, 2022 at 3:51 PM Ervin Hegedüs <ai...@gm...> wrote:
>> Hi there,
>> 
>> On Wed, Apr 13, 2022 at 12:04:39PM +0100, Andrew Howe wrote:
>> > 
>> > What are you trying to achieve? Are you trying to answer the question
>> > "did this request come in as plain text HTTP or has TLS termination
>> > been performed", and then treat the two cases differently?
>> 
>> may be (the official poster) should try the ENV variable:
>> 
>> https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#ENV
>> 
>> See the example:
>> 
>> # Reading an environment variable from other Apache module (mod_ssl)
>> SecRule TX:ANOMALY_SCORE "@gt 0" "phase:5,id:16,msg:'%{env.ssl_cipher}'"
>> 
>> 
>> and the comment below:
>> 
>> Note : Use setenv to set environment variables to be accessed by Apache. 
>> 
>> 
>> As I know, ENV works in libmodsecurity too, but I have no idea
>> how can it set through Nginx (if the server is it).

2003	Jan	Feb	Mar	Apr	May	Jun (2)	Jul (17)	Aug (7)	Sep (8)	Oct (11)	Nov (14)	Dec (19)
2004	Jan (46)	Feb (14)	Mar (20)	Apr (48)	May (15)	Jun (20)	Jul (36)	Aug (24)	Sep (31)	Oct (28)	Nov (23)	Dec (12)
2005	Jan (69)	Feb (61)	Mar (82)	Apr (53)	May (26)	Jun (71)	Jul (27)	Aug (52)	Sep (28)	Oct (49)	Nov (104)	Dec (74)
2006	Jan (61)	Feb (148)	Mar (82)	Apr (139)	May (65)	Jun (116)	Jul (92)	Aug (101)	Sep (84)	Oct (103)	Nov (174)	Dec (102)
2007	Jan (166)	Feb (161)	Mar (181)	Apr (152)	May (192)	Jun (250)	Jul (127)	Aug (165)	Sep (97)	Oct (135)	Nov (206)	Dec (56)
2008	Jan (160)	Feb (135)	Mar (98)	Apr (89)	May (115)	Jun (95)	Jul (188)	Aug (167)	Sep (153)	Oct (84)	Nov (82)	Dec (85)
2009	Jan (139)	Feb (133)	Mar (128)	Apr (105)	May (135)	Jun (79)	Jul (92)	Aug (134)	Sep (73)	Oct (112)	Nov (159)	Dec (80)
2010	Jan (100)	Feb (116)	Mar (130)	Apr (59)	May (88)	Jun (59)	Jul (69)	Aug (67)	Sep (82)	Oct (76)	Nov (59)	Dec (34)
2011	Jan (84)	Feb (74)	Mar (81)	Apr (94)	May (188)	Jun (72)	Jul (118)	Aug (109)	Sep (111)	Oct (80)	Nov (51)	Dec (44)
2012	Jan (80)	Feb (123)	Mar (46)	Apr (12)	May (40)	Jun (62)	Jul (95)	Aug (66)	Sep (65)	Oct (53)	Nov (42)	Dec (60)
2013	Jan (96)	Feb (96)	Mar (108)	Apr (72)	May (115)	Jun (111)	Jul (114)	Aug (87)	Sep (93)	Oct (97)	Nov (104)	Dec (82)
2014	Jan (96)	Feb (77)	Mar (71)	Apr (40)	May (48)	Jun (78)	Jul (54)	Aug (44)	Sep (58)	Oct (79)	Nov (51)	Dec (52)
2015	Jan (55)	Feb (59)	Mar (48)	Apr (40)	May (45)	Jun (63)	Jul (36)	Aug (49)	Sep (35)	Oct (58)	Nov (21)	Dec (47)
2016	Jan (35)	Feb (81)	Mar (43)	Apr (41)	May (77)	Jun (52)	Jul (39)	Aug (34)	Sep (107)	Oct (67)	Nov (54)	Dec (20)
2017	Jan (99)	Feb (37)	Mar (86)	Apr (47)	May (57)	Jun (55)	Jul (34)	Aug (31)	Sep (16)	Oct (49)	Nov (53)	Dec (33)
2018	Jan (25)	Feb (11)	Mar (79)	Apr (77)	May (5)	Jun (19)	Jul (17)	Aug (7)	Sep (13)	Oct (22)	Nov (13)	Dec (68)
2019	Jan (44)	Feb (17)	Mar (40)	Apr (39)	May (18)	Jun (14)	Jul (20)	Aug (31)	Sep (11)	Oct (35)	Nov (3)	Dec (10)
2020	Jan (32)	Feb (16)	Mar (10)	Apr (22)	May (2)	Jun (34)	Jul (1)	Aug (8)	Sep (36)	Oct (16)	Nov (13)	Dec (10)
2021	Jan (16)	Feb (23)	Mar (45)	Apr (28)	May (6)	Jun (17)	Jul (8)	Aug (1)	Sep (2)	Oct (35)	Nov	Dec (5)
2022	Jan	Feb (17)	Mar (23)	Apr (23)	May (9)	Jun (8)	Jul	Aug	Sep (7)	Oct (5)	Nov (16)	Dec (4)
2023	Jan	Feb	Mar (3)	Apr	May (1)	Jun (4)	Jul (1)	Aug	Sep (2)	Oct (1)	Nov	Dec
2024	Jan (7)	Feb (13)	Mar (18)	Apr	May	Jun	Jul	Aug	Sep (2)	Oct (1)	Nov (5)	Dec (3)
2025	Jan	Feb	Mar	Apr (12)	May (12)	Jun (2)	Jul (3)	Aug	Sep	Oct	Nov	Dec

mod-security-users Mailing List for ModSecurity (Page 7)

mod-security-users — General discussion about mod_security