mod-security-users

[mod-security-users] Trigger modsec log/deny from web script - logging web spam flagged by b2evolution

[Jason E. <jed...@ca...>]

Hi there,

Is there a way to have mod_security deny and log a request based on the 
action of a php/perl/cgi script?

Specifically, I'm using b2evolution for weblogs and I want to have 
mod_security log the requests that b2evolution marks as spam. Currently, 
b2evolution returns a 403 when a comment/trackback is spam. I don't see 
a way to trigger mod_security based on response code. Would setting an 
environment variable from within a PHP script accomplish this?

How might I achieve this?

Sincerely,
Jason Edgecombe

Re: [mod-security-users] Trigger modsec log/deny from web script - logging web spam flagged by b2evolution

[Ivan R. <iv...@we...>]

Jason Edgecombe wrote:
> Hi there,
> 
> Is there a way to have mod_security deny and log a request based on the
> action of a php/perl/cgi script?
> 
> Specifically, I'm using b2evolution for weblogs and I want to have
> mod_security log the requests that b2evolution marks as spam. Currently,
> b2evolution returns a 403 when a comment/trackback is spam. I don't see
> a way to trigger mod_security based on response code. Would setting an
> environment variable from within a PHP script accomplish this?

  How about:

  SecAuditLogRelevantStatus ^403$

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org

Re: [mod-security-users] Trigger modsec log/deny from web script - logging web spam flagged by b2evolution

[Jason E. <jed...@ca...>]

Ivan Ristic wrote:

>Jason Edgecombe wrote:
>  
>
>>Hi there,
>>
>>Is there a way to have mod_security deny and log a request based on the
>>action of a php/perl/cgi script?
>>
>>Specifically, I'm using b2evolution for weblogs and I want to have
>>mod_security log the requests that b2evolution marks as spam. Currently,
>>b2evolution returns a 403 when a comment/trackback is spam. I don't see
>>a way to trigger mod_security based on response code. Would setting an
>>environment variable from within a PHP script accomplish this?
>>    
>>
>
>  How about:
>
>  SecAuditLogRelevantStatus ^403$
>
>  
>
Excellent! I'll implement that.

Is there another way incase I don't want to use the http error code?

For example, a http request contains a spam referrer, but I still want 
to serve the page to the client.

Re: [mod-security-users] Trigger modsec log/deny from web script - logging web spam flagged by b2evolution

[Ivan R. <iv...@we...>]

Jason Edgecombe wrote:
>
> Excellent! I'll implement that.
> 
> Is there another way incase I don't want to use the http error code?
> 
> For example, a http request contains a spam referrer, but I still want
> to serve the page to the client.

  I don't know anything about your software but you can serve
  a perfectly normal looking page with code 403 (since the code
  is not shown to the user). But if your setup does not allow
  for that you can try to use output buffering and catch
  spammers with:

  SecFilterSelective OUTPUT "keyword in the response"

  This is a somewhat slower solution, though.

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org