
use setenv as variable in nginx logging #296

Closed
@weestack

Hello there,

In Apache it's possible to use environment variables defined in ModSecurity for Apache's access logging. I have been trying to use the same for nginx, but so far have not been able to. Is this something that's only implemented for Apache?

modsecurity.conf:

[...]
SecAction "id:90100,phase:5,pass,nolog,\
  setvar:TX.perf_modsecinbound=$PERF_PHASE1,\
  setvar:TX.perf_modsecinbound=+$PERF_PHASE2,\
  setvar:TX.perf_application=$TX.ModSecTimestamp3start,\
  setvar:TX.perf_application=-$TX.ModSecTimestamp2end,\
  setvar:TX.perf_modsecoutbound=$PERF_PHASE3,\
  setvar:TX.perf_modsecoutbound=+$PERF_PHASE4,\
  setenv:ModSecTimeIn=%{TX.perf_modsecinbound},\
  setenv:ApplicationTime=%{TX.perf_application},\
  setenv:ModSecTimeOut=%{TX.perf_modsecoutbound},\
  setenv:ModSecAnomalyScoreInPLs=%{tx.anomaly_score_pl1}-%{tx.anomaly_score_pl2}-%{tx.anomaly_score_pl3}-%{tx.anomaly_score_pl4},\
  setenv:ModSecAnomalyScoreOutPLs=%{tx.outbound_anomaly_score_pl1}-%{tx.outbound_anomaly_score_pl2}-%{tx.outbound_anomaly_score_pl3}-%{tx.outbound_anomaly_score_pl4},\
  setenv:ModSecAnomalyScoreIn=%{TX.anomaly_score},\
  setenv:ModSecAnomalyScoreOut=%{TX.outbound_anomaly_score}"
[...]

nginx.conf

[...]
log_format server '$remote_addr $loc $webapp [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" ss"$ModSecTimeIn"';
[...]

Where in Apache you would be able to use the env vars like this:

ErrorLogFormat          "[%{cu}t] [%-m:%-l] %-a %-L %M"
LogFormat "%h %{GEOIP_COUNTRY_CODE}e %u [%{%Y-%m-%d %H:%M:%S}t.%{usec_frac}t] \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\" \"%{Content-Type}i\" %{remote}p %v %A %p %R \
%{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
%I %O %{ratio}n%% %D %{ModSecTimeIn}e %{ApplicationTime}e %{ModSecTimeOut}e \
%{ModSecAnomalyScoreInPLs}e %{ModSecAnomalyScoreOutPLs}e \
%{ModSecAnomalyScoreIn}e %{ModSecAnomalyScoreOut}e" extended
