Thread: [mod-security-users] Passing X-Forwarded-For header with setenv
From: Gryzli B. <gry...@gm...> - 2016-09-11 02:46:58
Hi to all,

I want to accomplish the following:

1) Currently I have rules which are using exec: /some_script.sh in combination with "setenv" in order to send parameters to the script, by using the environment variables

2) I need some way to pass a given header (for example: X-Forwarded-For, but it could be anything else) to my custom script, by using setenv

Is this possible and if 'yes', what is the right way to do it?

Thanks!

Regards,
Gryzli

From: Christian F. <chr...@ne...> - 2016-09-11 15:38:23
Hello Gryzli,

There is a problem with your request. I do not think I understand the situation.

On Sun, Sep 11, 2016 at 05:46:49AM +0300, Gryzli Bugbear wrote:
> 1) Currently I have rules which are using exec: /some_script.sh in
> combination with "setenv" in order to send parameters to the script, by
> using the environment variables

So you have setenv -> script working?

> 2) I need some way to pass a given header (for example: X-Forwarded-For,
> but it could be anything else) to my custom script, by using setenv

But setenv -> script does not work for X-Forwarded-For?

> Is this possible and if 'yes', what is the right way to do it ?

Passing variables to scripts is really annoying in ModSec. The exception are lua scripts which turn with full access to the apache environment.

When I need a lot of different variables in a non-lua script, I usually assemble them CSV into a TX variable, base64encode the TX variable and call the script with the TX variable as parameter. It's a hack, but much to my own surprise I have such a setup running in a stable way for years now.

Cheers,

Christian

--
https://www.feistyduck.com/training/modsecurity-training-course
mailto:chr...@ne...
twitter: @ChrFolini

From: Gryzli B. <gry...@gm...> - 2016-09-12 03:35:51
Hi Christian,

Thanks for your answer and sorry if my question was not clear enough.

I already found what I need. I have rules which look like this:

    SecRule REQUEST_URI "bad_request" "id:10015,t:none,\
        setenv:action=block,\
        setenv:'reason= This is a bad request',\
        exec:/path/to/my/perl_script.pl"

What I wanted was to be able to do something like:

    setenv: X_header=%{REQUEST_HEADERS.X-Forwarded-For}

Because of my misunderstanding I was trying to use %{REQUEST_HEADERS:X-Forwarded-For} instead of %{REQUEST_HEADERS.X-Forwarded-For} (colon, instead of dot), which was not working.

After starting to use the "dot" as a delimiter to extract the value from the collection, it is all good now.

Regards,
Gryzli

From: Christian F. <chr...@ne...> - 2016-09-12 03:43:50
On Mon, Sep 12, 2016 at 06:35:42AM +0300, Gryzli Bugbear wrote:
> Because of my misunderstanding I was trying to use
> %{REQUEST_HEADERS:X-Forwarded-For} instead of
> %{REQUEST_HEADERS.X-Forwarded-For} ( colons, instead of dot), which was
> not working.

As it happens, I ran into this as well yesterday. :)

Glad you found a solution.

Christian
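
Added example (not code from this thread or from the ModSecurity project): the receiving side of the exec/setenv setup discussed above, treating X-Forwarded-For as the client-supplied value it is before the script uses it. The variable names action, reason and X_header come from the rule in the thread; TX_BUNDLE and its field order are hypothetical stand-ins for the base64/CSV variant, whose exact hand-over to the script the thread does not show.

```python
#!/usr/bin/env python3
import base64, csv, io, ipaddress, json, os

def parse_forwarded_for(raw, max_len=512, max_hops=20):
    """Return the header's hops as normalised IP strings, or raise ValueError."""
    if len(raw) > max_len:
        raise ValueError("header too long")
    hops = [h.strip() for h in raw.split(",")]
    if len(hops) > max_hops:
        raise ValueError("too many hops")
    # ip_address() rejects anything that is not a literal IPv4/IPv6 address,
    # including the empty string, so shell or log metacharacters never pass.
    return [str(ipaddress.ip_address(h)) for h in hops]

def decode_bundle(b64, fields):
    """Decode a base64-encoded single CSV row into a dict keyed by `fields`."""
    text = base64.b64decode(b64, validate=True).decode("utf-8")
    rows = list(csv.reader(io.StringIO(text)))
    if len(rows) != 1 or len(rows[0]) != len(fields):
        raise ValueError("unexpected bundle shape")
    return dict(zip(fields, rows[0]))

def handle(env):
    """Build one JSON-serialisable record from the variables set by setenv."""
    values = {k: env.get(k, "") for k in ("action", "reason", "X_header")}
    if env.get("TX_BUNDLE"):  # hypothetical name for the base64/CSV variant
        values.update(decode_bundle(env["TX_BUNDLE"],
                                    ("X_header", "action", "reason")))
    record = {"action": values["action"], "reason": values["reason"].strip()}
    try:
        record["forwarded_for"] = parse_forwarded_for(values["X_header"])
    except ValueError:
        # Untrusted header did not parse: keep the event, drop the value.
        record["forwarded_for"] = []
        record["xff_rejected"] = True
    return record

# Constructed sample: one CSV row, base64-encoded as the rule side would do.
SAMPLE_BUNDLE = base64.b64encode(b'203.0.113.7,block,"bad, request"').decode()

if __name__ == "__main__":
    # ModSecurity 2.x treats an exec script that prints nothing as failed.
    print(json.dumps(handle(os.environ)))
```

Emitting the record through json.dumps keeps embedded newlines in reason from forging extra log lines.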