Documented SecContentInjection, append, and prepend.

doc/modsecurity2-apache-reference.xml

@@ -3,7 +3,7 @@
   <title>ModSecurity Reference Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.1.0 / (February 23, 2007)</releaseinfo>
+    <releaseinfo>Version 2.2.0-trunk / (May 3, 2007)</releaseinfo>
 
     <copyright>
       <year>2004-2007</year>
@@ -198,8 +198,8 @@
       which are in most cases custom coded. The Core Rules are heavily
       commented to allow it to be used as a step-by-step deployment guide for
       ModSecurity. The latest Core Rules can be found at the ModSecurity
-      website - <link
+      website - <ulink
-      linkend="http://www.modsecurity.org/projects/rules/">http://www.modsecurity.org/projects/rules/</link>.</para>
+      url="???">http://www.modsecurity.org/projects/rules/</ulink>.</para>
     </section>
 
     <section>
@@ -828,6 +828,20 @@ SecAuditLogStorageDir logs/audit
       open files.</para>
     </section>
 
+    <section>
+      <title><literal>SecContentInjection (Experimental)</literal></title>
+
+      <para><emphasis role="bold">Description:</emphasis> Enables content
+      injection using actions <literal>append</literal> and
+      <literal>prepend</literal>.</para>
+
+      <para><emphasis role="bold">Syntax:</emphasis>
+      <literal>SecContentInjection (On|Off)</literal></para>
+
+      <para><emphasis role="bold">Example Usage:</emphasis>
+      <literal>SecContentInjection On</literal></para>
+    </section>
+
     <section>
       <title><literal>SecCookieFormat</literal></title>
 
@@ -1036,17 +1050,16 @@ SecAuditLogStorageDir logs/audit
 
       <para>Development of a state of the art external protection tool will be
       a focus of subsequent ModSecurity releases. However, a fully functional
-      tool is already available as part of the Apache httpd tools project
+      tool is already available as part of the <ulink type=""
-      (<link
+      url="http://www.apachesecurity.net/tools/">Apache httpd tools
-      linkend="http://www.apachesecurity.net/tools/">http://www.apachesecurity.net/tools/</link>).
+      project</ulink>. The tool is called httpd-guardian and can be used to
-      The tool is called httpd-guardian and can be used to defend against
+      defend against Denial of Service attacks. It uses the blacklist tool
-      Denial of Service attacks. It uses the blacklist tool (from the same
+      (from the same project) to interact with an iptables-based (Linux) or
-      project) to interact with an iptables-based (Linux) or pf-based (*BSD)
+      pf-based (*BSD) firewall, dynamically blacklisting the offending IP
-      firewall, dynamically blacklisting the offending IP addresses. It can
+      addresses. It can also interact with SnortSam (http://www.snortsam.net).
-      also interact with SnortSam (http://www.snortsam.net). Assuming
+      Assuming httpd-guardian is already configured (look into the source code
-      httpd-guardian is already configured (look into the source code for the
+      for the detailed instructions) you only need to add one line to your
-      detailed instructions) you only need to add one line to your Apache
+      Apache configuration to deploy it:</para>
-      configuration to deploy it:</para>
 
       <programlisting format="linespecific">SecGuardianLog |/path/to/httpd-guardian</programlisting>
     </section>
@@ -2949,6 +2962,28 @@ SecRule <emphasis role="bold">XML:/xq:employees/employee/name/text()</emphasis>
       ctl:ruleEngine=Off</literal>.</para>
     </section>
 
+    <section>
+      <title>append (Experimental)</title>
+
+      <para><emphasis role="bold">Description:</emphasis> Appends text given
+      as parameter to the end of response body. For this action to work
+      content injection must be enabled by setting
+      <literal>SecContentInjection</literal> to <literal>On</literal>. Also
+      make sure you check the content type of the response before you make
+      changes to it (e.g. you don't want to inject stuff into images).</para>
+
+      <para><emphasis role="bold">Action Group:</emphasis>
+      Non-Disruptive</para>
+
+      <para><emphasis role="bold">Processing Phases:</emphasis> 3 and
+      4.</para>
+
+      <para>Example:</para>
+
+      <programlisting>SecRule RESPONSE_CONTENT_TYPE "^text/html" "nolog,pass,<emphasis
+          role="bold">append:'&lt;hr&gt;Footer'</emphasis>"</programlisting>
+    </section>
+
     <section>
       <title><literal>auditlog</literal></title>
 
@@ -3514,6 +3549,28 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403</programlisting>
       phase.</para>
     </section>
 
+    <section>
+      <title>prepend (Experimental)</title>
+
+      <para><emphasis role="bold">Description:</emphasis> Prepends text given
+      as parameter to the response body. For this action to work content
+      injection must be enabled by setting
+      <literal>SecContentInjection</literal> to <literal>On</literal>. Also
+      make sure you check the content type of the response before you make
+      changes to it (e.g. you don't want to inject stuff into images).</para>
+
+      <para><emphasis role="bold">Action Group:</emphasis>
+      Non-Disruptive</para>
+
+      <para><emphasis role="bold">Processing Phases:</emphasis> 3 and
+      4.</para>
+
+      <para>Example:</para>
+
+      <programlisting>SecRule RESPONSE_CONTENT_TYPE ^text/html "phase:3,nolog,pass,<emphasis
+          role="bold">prepend:'Header&lt;br&gt;'</emphasis>"</programlisting>
+    </section>
+
     <section>
       <title><literal>proxy</literal></title>
 
@@ -4253,4 +4310,4 @@ SecRule XML "<emphasis role="bold">@validateSchema /path/to/apache2/conf/xml.xsd
       </itemizedlist>
     </section>
   </section>
-</article>
+</article>