[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] setenv, php and macro expansion
From:       Brian Rectanus <Brian.Rectanus () breach ! com>
Date:       2009-09-11 7:03:35
Message-ID: 4AA9F647.2000106 () breach ! com
[Download RAW message or body]

Fabio Moretti wrote:
> Hi to all.
> I'm relatively new to mod_security and I'm actually building a set of
> rules to protect "home made" sites that I host on my servers.
> I want to redirect the user to a special page when one of my rules
> return a positive match, so I've created a "security.php" page and then
> I've decided to use a 510 status via apache ErrorDocument to redirect to
> that page, setting the status as a default action:
>
> SecDefaultAction "log,deny,phase:2,setenv:r=%{rule.id},status:510,t:none"
>
> Anyway when apache redirect to security.php page I have an env var like
> this:
>
> REDIRECT_r =>  %{rule.id} (literally)
>
> without the macro expansion I've expected. I am also unable to read any
> env variable that should be set by mod_security because they simple does
> not exist, but maybe it's because I am using apache prefork and php as a
> module.
> This instead work perfectly (but I really don't like it):
>
> SecDefaultAction
> "log,deny,phase:2,redirect:/errorpages/security.php?r=%{rule.id},t:none"
>
> %{rule.id} is expanded correctly, like 950001
>
> Anyone have an idea about what I'm doing wrong?

Sounds like you have an older version of ModSecurity?  Macro expansion 
for setenv was enabled in 2.1.6.

later,
-B

-- 
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
[prev in list] [next in list] [prev in thread] [next in thread]