[Owasp-modsecurity-core-rule-set] exec: script for specific directory
mod.sec at ma.yer.at
Thu Jul 19 20:11:59 UTC 2018
My environment: Apache/2.4 , engine mode: /modsecurity 2.7+
I want to achieve whenever any security rule is triggered a script
should be executed for a specific directory.
In the global Apache security module settings I have this line:
which does it's job very well
So my idea was I define a similar line for this specific directory. In
my apache http.conf I have:
But obviously it doesn't work. The originally SecDefaultAction is maybe
executed first and not over ruled.
/path/to/script is never executed.
But an attack is successfully blocked.
To verify if this script is generally working I modified this line to:
And this works fine. My script is executed. But it triggers each time a
browser is going to "/some/directory/path" on this server. Even if it's
doing legal things.
Any idea how I could solve my problem ? Any help is appreciated.
I know version 3 is out with a lot of bugfixes. But currently I don't
want to upgrade.
More information about the Owasp-modsecurity-core-rule-set