Small update to "Precedence of ModSecurity over other Apache modules"

2026-01-08 09:18:32 +03:00 · 2014-10-01 06:09:15 -07:00
parent 7d58e02567
commit 7a462338b0
1 changed files with 1 additions and 1 deletions
--- a/Manual.mediawiki
+++ b/Manual.mediawiki
@@ -4103,7 +4103,7 @@ ModSecurity rules run in one of five phases. The first two phases are executed a

 The various phases are hooked into the Apache request lifecycle together with the other Apache modules. On each hook, there can be more than one module being executed. This is where precedence comes into play.

-Precedence is assigned at compile time and mostly hard-coded into the ModSecurity source code. The directive _--enable-request-early_ can used to move the processing of the ModSecurity phase 1 to a different hook.
+Precedence is assigned at compile time and mostly hard-coded into the ModSecurity source code. The compilation directive --enable-request-early can used to move the processing of the ModSecurity phase 1 to a different hook (see above).

 When examining the response, ModSecurity tries to be as early as possible. For example, the phase 3 and phase 4 will run before mod_headers with its _Header_ directive. However, when calling _Header_ with the keyword _early_, the precedence is raised and the directive is executed before ModSecurity phase 3.
 So if you want to edit HTTP response headers with mod_headers (adding the secure-flag to cookies springs to mind), you will usually have to wait until ModSecurity phase 5, before you can examine the effect of the header manipulation with ModSecurity.