httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei <lag...@gmail.com>
Subject [users@httpd] Re: ModSecurity and custom headers
Date Wed, 01 Mar 2017 05:54:49 GMT
Is there a different list I should be asking this on?

On Mon, Feb 27, 2017 at 8:49 AM, Andrei <lagged@gmail.com> wrote:

> Hi all,
>
> How can I add a custom header using the 'msg' value from a ModSecurity
> rule, for all rules triggered? I'm basically trying to track the ModSec
> block reason at an edge point (Varnish) based on Apache's response.
>
> For example, I would like:
>
> SecRule REQUEST_URI "/modsectest" "log,deny,status:406,phase:1,t:none,id:9084310,msg:'ModSec
> Log Test'"
>
> To add a 'X-ModSec-Block' response header with the value 'ModSec Log Test'
> in this case. I understand this might be better suited with setenv +
> mod_headers due to blocks being done at different phases, and found
> http://serverfault.com/questions/796088/modsecurity-
> creating-a-new-request-header-from-secrule which seems similar to this
> scenario, just that it's not quite working out for me. Any help is greatly
> appreciated!
>
> Andrei
>

Mime
View raw message