[Owasp-modsecurity-core-rule-set] exec: script for specific directory

hans mayer mod.sec at ma.yer.at
Thu Jul 19 20:11:59 UTC 2018


Dear All,

My environment: Apache/2.4, engine mode: /modsecurity 2.7+

I want to achieve that, whenever any security rule is triggered, a script 
is executed for a specific directory.

In the global Apache security module settings I have this line:

SecDefaultAction "phase:2,deny,log,status:406"

which does its job very well.

So my idea was to define a similar line for this specific directory. In 
my Apache http.conf I have:

<Directory  "/some/directory/path">
      SecDefaultAction "phase:2,deny,log,status:406,exec:/path/to/script"
</Directory>

But obviously it doesn't work. The original SecDefaultAction is maybe 
executed first and not overruled.
/path/to/script is never executed.
But an attack is successfully blocked.

To verify if this script is generally working I modified this line to:

SecAction "id:10003,pass,auditlog,log,phase:5,msg:'log everything',exec:///path/to/script"

And this works fine. My script is executed. But it triggers each time a 
browser goes to "/some/directory/path" on this server, even if it's 
doing legal things.

Any idea how I could solve my problem? Any help is appreciated.

I know version 3 is out with a lot of bugfixes. But currently I don't 
want to upgrade.

Kind regards
Hans
