-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
modsecurity: make pipeline selection more robust when nginx is configured with server_tokens off #7397
Conversation
…ured with server_tokens off
🌐 Coverage report
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. But would be nice to add the specific test scenario from the issue mentioned
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Package modsecurity - 1.11.1 containing this change is available at https://epr.elastic.co/search?package=modsecurity |
…ured with server_tokens off (#7397)
What does this PR do?
The
transaction.response.headers.Server
field may be absent when server_tokens is set to off, so also consider thetransaction.producer.connector
field when determining pipeline to run. Also protect dereferences.Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots