github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Updated Ideas for Google Summer of Code 2016 (markdown)

Marc Stern 2016-02-17 13:50:39 +01:00
parent b163cffb5a
commit 8d74343f89
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Ideas-for-Google-Summer-of-Code-2016.md

@ -56,4 +56,15 @@ https://github.com/SpiderLabs/ModSecurity-nginx"
###ModSecurity transformation functions: allow parameters
**Brief explanation:** Currently, transformations cannot use parameters. This would allow more flexibility.
**Expected results:** Support parameters
**Example:** t:encrypt(%{TX.mykey}%)
t:encrypt(%{TX.mykey}%)
###ModSecurity sub-phases
**Brief explanation:** ModSecurity supports real phases 1-4 and the 'virtual' one 5. Having intermediate virtual phases, like phase:2.2, would allow to order rules inside a real phase. This is especially useful for configurations integrating rules provided, for example, by a hoster and customs ones.
**Expected results:** Rules will be ordered, inside a phase, not only based on their occurence but also based on their sub-phase.
**Example:**
- SecRule ... phase:2.6,id:1
- SecRule ... phase:2,id:2
- SecRule ... phase:2.3,id:3
Execution order: 2, 3, 1
**References:** https://github.com/SpiderLabs/ModSecurity/issues/371