Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 29217200C34 for ; Mon, 27 Feb 2017 15:50:00 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 27969160B60; Mon, 27 Feb 2017 14:50:00 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 727AF160B56 for ; Mon, 27 Feb 2017 15:49:59 +0100 (CET) Received: (qmail 22237 invoked by uid 500); 27 Feb 2017 14:49:53 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 22227 invoked by uid 99); 27 Feb 2017 14:49:53 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Feb 2017 14:49:53 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id AA5A8C31B5 for ; Mon, 27 Feb 2017 14:49:52 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.379 X-Spam-Level: ** X-Spam-Status: No, score=2.379 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id Y60QUg_ge-O1 for ; Mon, 27 Feb 2017 14:49:51 +0000 (UTC) Received: from mail-yw0-f177.google.com (mail-yw0-f177.google.com [209.85.161.177]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 6FDC95F58E for ; Mon, 27 Feb 2017 14:49:51 +0000 (UTC) Received: by mail-yw0-f177.google.com with SMTP id v200so37569508ywc.3 for ; Mon, 27 Feb 2017 06:49:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=MDji0H8OOOGI8CcY4n8TjAtiAkgQl02nlIvwupPPeN8=; b=jLyhd/mmfd3cUFa91Uc920D9qS19Ol764wbK8o+Rp5TtNqUqE/hR5p/EXeU5pqkIgV /sez3uzJyGlHsOzAS7vwbeVT9vvXyrc2+2UR4E9iIo8Jy4W93Jgl0ek4Zwws3aJKErdM 1wAloGpdsowZco0nDRnsxkUGI5mi5WcK7vjz8xE8HcH3aWAsIOuM0cayjyFbgseMEDYw svHCjA+2kcLeiVVa2q4mOToglcK8yPqXJB0AGHikL3dZZ5wgQMupsx8vp3fxAhPyFmCa ntdAHVDoNJw+SJpiYOKm8xSN3Gio+0SDvDr0oYtsZo+4qXTro/j15NzkmW3Vtb+sbPaJ AIgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=MDji0H8OOOGI8CcY4n8TjAtiAkgQl02nlIvwupPPeN8=; b=Ngc9QJytl3S2sUrits3l548fKspngn5D05WdWtyOkdJ3Z1vjQ6r15Di48QOByGPLrW D7TWt9Wk+xhhfj2rh4gaxwlnjtt9D3d9rTW3y2MG9KXsKvuCdCQyIcYcj11FRf703BIN /USjGQAg6AVem44sacoo/RVmdqv6/0egAJFRIaTLtQhdJsiMGrXhdYtnvACvowGYaSLo eyucOX6jk61qYU4UB5x9qyHDu5qqtNd1W4e3FK5IJTgZKA9hGWWBBEE8iuQQZYEGSZIZ XYtEP2HalelnommJaLUktIm8/iZWA54bwIO6AxLOqMUgc1DpeGb3s83lnhe/FUt4zoSw my9A== X-Gm-Message-State: AMke39lewtwjhkzlmzUlXQQlR0kYYJD20bJu231f6xTB3tJD/15ujzuLCfz3BbAOxrlUnK0U7R/w5lD1gYz5wQ== X-Received: by 10.13.223.141 with SMTP id i135mr1277492ywe.185.1488206990858; Mon, 27 Feb 2017 06:49:50 -0800 (PST) MIME-Version: 1.0 Received: by 10.129.49.148 with HTTP; Mon, 27 Feb 2017 06:49:50 -0800 (PST) From: Andrei Date: Mon, 27 Feb 2017 08:49:50 -0600 Message-ID: To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=001a114e407e0adfce0549843118 Subject: [users@httpd] ModSecurity and custom headers archived-at: Mon, 27 Feb 2017 14:50:00 -0000 --001a114e407e0adfce0549843118 Content-Type: text/plain; charset=UTF-8 Hi all, How can I add a custom header using the 'msg' value from a ModSecurity rule, for all rules triggered? I'm basically trying to track the ModSec block reason at an edge point (Varnish) based on Apache's response. For example, I would like: SecRule REQUEST_URI "/modsectest" "log,deny,status:406,phase:1,t:none,id:9084310,msg:'ModSec Log Test'" To add a 'X-ModSec-Block' response header with the value 'ModSec Log Test' in this case. I understand this might be better suited with setenv + mod_headers due to blocks being done at different phases, and found http://serverfault.com/questions/796088/modsecurity-creating-a-new-request-header-from-secrule which seems similar to this scenario, just that it's not quite working out for me. Any help is greatly appreciated! Andrei --001a114e407e0adfce0549843118 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi all,

How can I add a custom hea= der using the 'msg' value from a ModSecurity rule, for all rules tr= iggered? I'm basically trying to track the ModSec block reason at an ed= ge point (Varnish) based on Apache's response.

For example, I would like:

SecRule REQUEST_URI &q= uot;/modsectest" "log,deny,status:406,phase:1,t:none,id:9084310,m= sg:'ModSec Log Test'"

To add a 'X= -ModSec-Block' response header with the value 'ModSec Log Test'= in this case. I understand this might be better suited with setenv + mod_h= eaders due to blocks being done at different phases, and found http://serverfault.com/questions/796088/modsecurity-cre= ating-a-new-request-header-from-secrule which seems similar to this sce= nario, just that it's not quite working out for me. Any help is greatly= appreciated!

Andrei
--001a114e407e0adfce0549843118--