From f4389c9a55ce2f307d1ea687094527fbc1235d28 Mon Sep 17 00:00:00 2001 From: brectanus Date: Fri, 10 Aug 2007 00:44:20 +0000 Subject: [PATCH] Update docs and CHANGES for logdata action. --- CHANGES | 2 ++ doc/modsecurity2-apache-reference.xml | 28 ++++++++++++++++++++++++--- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 14e9a419..763cca3c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ ?? ??? 2007 - 2.5.0-trunk ------------------------- + * Added "logdata" meta action to allow safe logging of raw transaction data. + * Added TX_SEVERITY that keeps track of the highest severity for any matched rules so far. diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index 9f61be2c..3c1b2998 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -2617,9 +2617,9 @@ SecRule XML "@validateDTD /opt/apache-frontend/conf/xml.dtd" <literal moreinfo="none">RULE</literal> This variable provides access to the id,rev,severity, and id, rev, + severity, logdata, and msg fields of the rule that triggered the action. Only available for expansion in action strings (e.g.setvar:tx.varname=%{rule.id}). Example: @@ -3780,6 +3780,28 @@ SecRule REQUEST_URI "^/cgi-bin/script\.pl" \ ModSecurity audit log. +
+ <literal>logdata</literal> + + Description: Allows logging a + data fragment. + + Action Group: Metadata + + Example: + + SecRule &ARGS:p "@eq 0" "log,logdata:'%{TX.0}'" + + Note + + The logdata information appears in the error and/or audit log + files and is not sent back to the client in response headers. Macro + expansion is preformed so you may use variable names such as %{TX.0}, + etc. The information is properly escaped for use with logging binary + data. +
+
<literal>msg</literal>