Small clarifications.

ivanr 2008-12-03 15:07:49 +00:00
parent 9c3c0d8c8a
commit 4f3c9d991a


@ -4,7 +4,7 @@
<article> <article>
<title>ModSecurity 2 Data Formats</title> <title>ModSecurity 2 Data Formats</title>
<articleinfo> <articleinfo>
<releaseinfo>Version 2.6.0-trunk (November 27, 2008)</releaseinfo> <releaseinfo>Version 2.6.0-trunk (December 3, 2008)</releaseinfo>
<copyright> <copyright>
<year>2004-2008</year> <year>2004-2008</year>
<holder>Breach Security, Inc. (<ulink url="http://www.breach.com" <holder>Breach Security, Inc. (<ulink url="http://www.breach.com"
@ -482,13 +482,13 @@ Server: Apache/2.x.x
<para>Unique transaction ID</para> <para>Unique transaction ID</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Source IP address (IPv4)</para> <para>Source IP address (IPv4 or IPv6)</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Source port</para> <para>Source port</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Destination IP address (IPv4)</para> <para>Destination IP address (IPv4 or IPv6)</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Destination port</para> <para>Destination port</para>
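Review bot: the source and destination address items now read "IPv4 or IPv6", but the list still does not say how an IPv6 address is written in the audit log. Each address is followed by its port as a separate item, and an IPv6 address itself contains colons, so anyone writing a parser for this format needs to know the exact textual form. Consider adding a sentence, or an example line with an IPv6 address, next to this list.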
@ -556,10 +556,13 @@ Server: Apache/2.x.x
<title>Response Headers (<literal>F</literal>)</title> <title>Response Headers (<literal>F</literal>)</title>
<para>This part contains the actual response headers sent to the client. Since <para>This part contains the actual response headers sent to the client. Since
ModSecurity 2.x for Apache does not access the raw connection data, it ModSecurity 2.x for Apache does not access the raw connection data, it
constructs part F out of the internal Apache data structures that hold the constructs part <literal>F</literal> out of the internal Apache data structures
response headers. Some headers are generated just before they are sent and that hold the response headers.</para>
ModSecurity is not able to record those. They are the <literal>Date</literal> <para>Some headers (the <literal>Date</literal> and <literal>Server</literal>
and <literal>Server</literal> response headers.</para> response headers) are generated just before they are sent and ModSecurity is not
able to record those. You should note than ModSecurity is working as part of a
reverse proxy, the backend web server will have generated these two servers, and
in that case they will be recorded. </para>
</section> </section>
<section> <section>
<title>Response Body (G)</title> <title>Response Body (G)</title>
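Review bot: the new second paragraph of the part F description has two wording errors that change its meaning. "You should note than ModSecurity is working as part of a reverse proxy" has lost its conditional and should read "You should note that if ModSecurity is working as part of a reverse proxy", and "will have generated these two servers" should say "these two headers". There is also a stray space before the closing </para>. Separately, the next title, "Response Body (G)", lacks the <literal> markup that the F title uses.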
@ -776,7 +779,11 @@ Server: Apache/2.x.x
<section> <section>
<title>Matched Rules (<literal>K</literal>)</title> <title>Matched Rules (<literal>K</literal>)</title>
<para>The matched rules part contains a record of all ModSecurity rules that matched <para>The matched rules part contains a record of all ModSecurity rules that matched
during transaction processing.</para> during transaction processing. You should note that if a rule that belongs to a
chain matches then the entire chain will be recorded. This is because, even
though the disruptive action may not have executed, other per-rule actions have,
and you will need to see the entire chain in order to understand the
rules.</para>
<para>This part is available starting with ModSecurity 2.5.x.</para> <para>This part is available starting with ModSecurity 2.5.x.</para>
</section> </section>
<section> <section>
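Review bot: the added sentences for part K say the entire chain is recorded when any rule belonging to it matches, but they do not state the consequence for someone reading the log: a rule appearing in part K did not necessarily match, and the chain's disruptive action did not necessarily run. Consider saying that explicitly, and replacing the closing "in order to understand the rules" with something concrete such as "in order to understand which per-rule actions were executed".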