github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-18 15:16:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update for expirevar functionality

Martin Vierula 2023-10-25 07:36:42 -07:00
parent f5967c5f16
commit 63ce3ec9aa
No known key found for this signature in database
GPG Key ID: F2FC4E45883BCBA4
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Reference-Manual-(v3.x).mediawiki

@ -2181,7 +2181,19 @@ SecRule ARGS:p attack "phase:2,id:113,block,exec:/usr/local/apache/conf/exec.lua
The exec action is executed independently from any disruptive actions specified. External scripts will always be called with no parameters. Some transaction information will be placed in environment variables. All the usual CGI environment variables will be there. You should be aware that forking a threaded process results in all threads being replicated in the new process. Forking can therefore incur larger overhead in a multithreaded deployment. The script you execute must write something (anything) to stdout; if it doesnt, ModSecurity will assume that the script failed, and will record the failure. The exec action is executed independently from any disruptive actions specified. External scripts will always be called with no parameters. Some transaction information will be placed in environment variables. All the usual CGI environment variables will be there. You should be aware that forking a threaded process results in all threads being replicated in the new process. Forking can therefore incur larger overhead in a multithreaded deployment. The script you execute must write something (anything) to stdout; if it doesnt, ModSecurity will assume that the script failed, and will record the failure.
== expirevar == == expirevar ==
''Not yet supported in v3''' '''Description:''' Configures a collection variable to expire after the given time period (in seconds).
'''Action Group:''' Non-disruptive
'''Example:'''
<pre>
SecRule REQUEST_COOKIES:JSESSIONID "!^$" "nolog,phase:1,id:114,pass,setsid:%{REQUEST_COOKIES:JSESSIONID}"
SecRule REQUEST_URI "^/cgi-bin/script\.pl" "phase:2,id:115,t:none,t:lowercase,t:normalizePath,log,allow,setvar:session.suspicious=1,expirevar:session.suspicious=3600"
</pre>
You should use the expirevar actions at the same time that you use setvar actions. Only one expirevar action per rule will be executed.
;Note: Available beginning with commit 2fcd373 (post v3.0.10).
== id == == id ==
'''Description''': Assigns a unique, numeric ID to the rule or chain in which it appears. '''Description''': Assigns a unique, numeric ID to the rule or chain in which it appears.