diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index 2538bf7b..b01f9098 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -3,7 +3,7 @@ ModSecurity Reference Manual
- Version 2.5.0-rc1/ (December 17, 2007)
+ Version 2.5.0-rc1/ (December 19, 2007)
 2004-2007
@@ -319,6 +319,12 @@ moreinfo="none">INCLUDES=-I/usr/include/libxml2)
+
+ (Optional) If you want to use Lua scripting add
+ -DWITH_LUA and configure the path to Lua include
+ files (for example -I /usr/include/lua5.1).
+
+
 Compile with make
@@ -338,6 +344,11 @@ /usr/lib/libxml2.so
+
+ (Optional) Add one line to load Lua before ModSecurity:
+ LoadFile /usr/lib/liblua5.1.so.
+
+
 Add one line to your configuration to load ModSecurity: LoadModule security2_module
@@ -1776,6 +1787,51 @@ ServerAlias www.app2.com moreinfo="none">msg action).
+
+ <literal>SecRuleScript</literal> (Experimental)
+
+ Description: This directive creates a special
+ rule that executes a Lua script to decide whether to match or not. The
+ main difference from SecRule is that there are no
+ targets nor operators. The script can fetch any variable from the
+ ModSecurity context and use any (Lua) operator to test them. The second
+ optional parameter is the list of actions whose meaning is identical to
+ that of SecRule.
+
+ Syntax: SecRuleScript /path/to/script.lua
+ [ACTIONS]
+
+ Example script:
+
+ -- Your script must define the main entry
+-- point, as below.
+function main()
+ -- Log something at level 1. Normally you shouldn't be
+ -- logging anything, especially not at level 1, but this is
+ -- just to show you can. Useful for debugging.
+ m.log(1, "Hello world!");
+
+ -- Retrieve one variable.
+ var1 = m.getvar("REMOTE_ADDR");
+
+ -- Retrieve one variable, applying one transformation function.
+ -- The second parameter is a string.
+ var2 = m.getvar("REQUEST_URI", "normalisePath");
+
+ -- Retrieve one variable, applying several transformation functions.
+ -- Notice how the second parameter is now a list.
+ var3 = m.getvar("ARGS:p", { "lowercase", "compressWhitespace" } );
+
+ -- If you want this rule to match return a string
+ -- containing the error message. It is a good idea to mention
+ -- where the problem is located.
+ -- return "Variable ARGS:p looks suspicious!"
+
+ -- Otherwise, simply return null.
+ return null;
+end
+
+
<literal>SecServerSignature</literal>
@@ -3404,9 +3460,9 @@ SecRule XML:/xq:employees/employee/name/text() Fred \
<literal>md5</literal>
- This function calculates an MD5 hash from input. Note that
- the computed hash is in a raw binary form and should be hex encoded
- to be human readable (t:md5,t:hexEncode).
+ This function calculates an MD5 hash from input. Note that the
+ computed hash is in a raw binary form and should be hex encoded to be
+ human readable (t:md5,t:hexEncode).
@@ -3495,9 +3551,9 @@ SecRule XML:/xq:employees/employee/name/text() Fred \
<literal>sha1</literal>
- This function calculates a SHA1 hash from input. Note that
- the computed hash is in a raw binary form and should be hex encoded
- to be human readable (t:sha1,t:hexEncode).
+ This function calculates a SHA1 hash from input. Note that the
+ computed hash is in a raw binary form and should be hex encoded to be
+ human readable (t:sha1,t:hexEncode).
@@ -5213,4 +5269,4 @@ SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" t:l
-
+
\ No newline at end of file