From 955163389fb98e808f3643de8bf484ca8c3bde8e Mon Sep 17 00:00:00 2001 From: brectanus Date: Wed, 2 Apr 2008 16:09:09 +0000 Subject: [PATCH] Add docs for macro expansion. See #462. --- doc/modsecurity2-apache-reference.xml | 29 +++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index 7b6cab37..36b5ef84 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -4,7 +4,7 @@ Manual - Version 2.6.0-trunk (March 19, 2008) + Version 2.6.0-trunk (April 02, 2008) 2004-2008 @@ -5574,6 +5574,31 @@ SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" t:l +
+ Macro Expansion + + Macros allow for using place holders in rules that will be expanded + out to their values at runtime. Currently only variable expansion is + supported, however more options may be added in future versions of + ModSecurity. + + Format: + + %{VARIABLE} +%{COLLECTION.VARIABLE} + + Macro expansion can be used in actions such as initcol, setsid, + setuid, setvar, setenv, logdata. Operators that are evaluated at runtime + support expansion and are noted above. Such operators include @beginsWith, + @endsWith, @contains, @within and @streq. You cannot use macro expansion + for operators that are "compiled" such as @pm, @rx, etc. as these + operators have their values fixed at configure time for efficiency. + + Some values you may want to expand include: TX, REMOTE_ADDR, USERID, + HIGHEST_SEVERITY, MATCHED_VAR, MATCHED_VAR_NAME, MULTIPART_STRICT_ERROR, + RULE, SESSION, USERID, among others. +
+
Data Formats @@ -6065,4 +6090,4 @@ Server: Apache/2.x.x
- + \ No newline at end of file