ModSecurity Reference Manual
- Version 2.1.0 / (February 23, 2007)
+ Version 2.2.0-trunk / (May 3, 2007)2004-2007
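Review bot: the added version line runs "2004-2007" straight onto the date ("(May 3, 2007)2004-2007"); if that is the copyright year range, put it on its own line with its label rather than fusing it into the version string.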
@@ -198,8 +198,8 @@
which are in most cases custom coded. The Core Rules are heavily
commented to allow it to be used as a step-by-step deployment guide for
ModSecurity. The latest Core Rules can be found at the ModSecurity
- website - http://www.modsecurity.org/projects/rules/.
+ website - http://www.modsecurity.org/projects/rules/.
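Review bot: the removed and added website lines in this hunk read identically ("website - http://www.modsecurity.org/projects/rules/."), so the only difference can be whitespace or line endings; if that is intended, note it in the commit message, otherwise drop the no-op change so the diff stays reviewable.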
@@ -828,6 +828,20 @@ SecAuditLogStorageDir logs/audit
open files.
+
+ SecContentInjection (Experimental)
+
+ Description: Enables content
+ injection using actions append and
+ prepend.
+
+ Syntax:
+ SecContentInjection (On|Off)
+
+ Example Usage:
+ SecContentInjection On
+
+
SecCookieFormat
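Review bot: the new SecContentInjection entry gives the syntax and an example but no default value; add a "Default:" line (presumably Off, given that the append and prepend entries say content injection must be explicitly enabled) so readers know the feature is inactive until switched on, and consider stating in the description what the "(Experimental)" tag means for users.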
@@ -1036,17 +1050,16 @@ SecAuditLogStorageDir logs/audit
Development of a state of the art external protection tool will be
a focus of subsequent ModSecurity releases. However, a fully functional
- tool is already available as part of the Apache httpd tools project
- (http://www.apachesecurity.net/tools/).
- The tool is called httpd-guardian and can be used to defend against
- Denial of Service attacks. It uses the blacklist tool (from the same
- project) to interact with an iptables-based (Linux) or pf-based (*BSD)
- firewall, dynamically blacklisting the offending IP addresses. It can
- also interact with SnortSam (http://www.snortsam.net). Assuming
- httpd-guardian is already configured (look into the source code for the
- detailed instructions) you only need to add one line to your Apache
- configuration to deploy it:
+ tool is already available as part of the Apache httpd tools
+ project. The tool is called httpd-guardian and can be used to
+ defend against Denial of Service attacks. It uses the blacklist tool
+ (from the same project) to interact with an iptables-based (Linux) or
+ pf-based (*BSD) firewall, dynamically blacklisting the offending IP
+ addresses. It can also interact with SnortSam (http://www.snortsam.net).
+ Assuming httpd-guardian is already configured (look into the source code
+ for the detailed instructions) you only need to add one line to your
+ Apache configuration to deploy it:
SecGuardianLog |/path/to/httpd-guardian
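Review bot: the reflowed paragraph drops the link to the Apache httpd tools project (http://www.apachesecurity.net/tools/) without replacing it, so readers are told to use httpd-guardian and the blacklist tool but no longer where to get them; if the old URL is stale, substitute the current one rather than removing it. The SnortSam link is kept, which makes the omission look accidental.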
@@ -2949,6 +2962,28 @@ SecRule XML:/xq:employees/employee/name/text()
ctl:ruleEngine=Off.
+
+ append (Experimental)
+
+ Description: Appends text given
+ as parameter to the end of response body. For this action to work
+ content injection must be enabled by setting
+ SecContentInjection to On. Also
+ make sure you check the content type of the response before you make
+ changes to it (e.g. you don't want to inject stuff into images).
+
+ Action Group:
+ Non-Disruptive
+
+ Processing Phases: 3 and
+ 4.
+
+ Example:
+
+ SecRule RESPONSE_CONTENT_TYPE "^text/html" "nolog,pass,append:'<hr>Footer'"
+
+
auditlog
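Review bot: the append example specifies no phase even though the entry says the action works in phases 3 and 4, while the prepend entry's example specifies phase:3; add a phase to the example, e.g. SecRule RESPONSE_CONTENT_TYPE "^text/html" "phase:3,nolog,pass,append:'<hr>Footer'", so the rule is not evaluated in an earlier phase where the action cannot take effect.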
@@ -3514,6 +3549,28 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403
phase.
+
+ prepend (Experimental)
+
+ Description: Prepends text given
+ as parameter to the response body. For this action to work content
+ injection must be enabled by setting
+ SecContentInjection to On. Also
+ make sure you check the content type of the response before you make
+ changes to it (e.g. you don't want to inject stuff into images).
+
+ Action Group:
+ Non-Disruptive
+
+ Processing Phases: 3 and
+ 4.
+
+ Example:
+
+ SecRule RESPONSE_CONTENT_TYPE ^text/html "phase:3,nolog,pass,prepend:'Header<br>'"
+
+
proxy
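Review bot: the prepend example leaves the regex unquoted (^text/html) while the append example quotes it ("^text/html"); quote it the same way for consistency. The description is otherwise a verbatim copy of the append entry's, so the content-type caveat could be stated once and referenced from both entries instead of being repeated.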
@@ -4253,4 +4310,4 @@ SecRule XML "@validateSchema /path/to/apache2/conf/xml.xsd
-
+
\ No newline at end of file
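Review bot: the final hunk replaces an empty line with what appears to be another empty line and leaves the file without a trailing newline ("\ No newline at end of file"); end the file with a newline so later diffs against it stay clean, and drop the change if it is whitespace-only.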