[Owasp-modsecurity-core-rule-set] [JIRA] Resolved: (CORERULES-67) Unique Request ID

Ryan Barnett (JIRA) rbarnett at trustwave.com
Mon Mar 21 14:12:28 EDT 2011


     [ https://www.modsecurity.org/tracker/browse/CORERULES-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ryan Barnett resolved CORERULES-67.
-----------------------------------

    Resolution: Fixed

A new variable that holds the mod_uniqueid data (UNIQUE_ID) was created for v2.6 -

https://www.modsecurity.org/tracker/browse/MODSEC-212

> Unique Request ID
> -----------------
>
>                 Key: CORERULES-67
>                 URL: https://www.modsecurity.org/tracker/browse/CORERULES-67
>             Project: Core Rules
>          Issue Type: Improvement
>      Security Level: Normal
>         Environment: All
>            Reporter: Colin Watson
>            Assignee: Ryan Barnett
>            Priority: Wish
>
> Could ModSecurity CRS create a unique (sequential?) ID for each and every request per virtual host/site, and add this to the X-WAF headers?  This could then be used as a request identifier to correlate information in ModSecurity logs and actions, with other security event data (e.g. in application logs) where there may be more than one event per request.
> The IDs would be needed for static as well as dynamic content requests, whether or not there was some sort of error, or not.  For example, a not found error for an image file, and a page request using an unsupported request method, would both have IDs.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the Owasp-modsecurity-core-rule-set mailing list