Closed
Description
Hello there,
In Apache it's possible to use environment variables defined in ModSecurity for Apache's access logging. I have been trying to use the same for nginx, but so far have not been able to. Is this something that's only implemented for Apache?
modsecurity.conf:
[...]
SecAction "id:90100,phase:5,pass,nolog,\
setvar:TX.perf_modsecinbound=$PERF_PHASE1,\
setvar:TX.perf_modsecinbound=+$PERF_PHASE2,\
setvar:TX.perf_application=$TX.ModSecTimestamp3start,\
setvar:TX.perf_application=-$TX.ModSecTimestamp2end,\
setvar:TX.perf_modsecoutbound=$PERF_PHASE3,\
setvar:TX.perf_modsecoutbound=+$PERF_PHASE4,\
setenv:ModSecTimeIn=%{TX.perf_modsecinbound},\
setenv:ApplicationTime=%{TX.perf_application},\
setenv:ModSecTimeOut=%{TX.perf_modsecoutbound},\
setenv:ModSecAnomalyScoreInPLs=%{tx.anomaly_score_pl1}-%{tx.anomaly_score_pl2}-%{tx.anomaly_score_pl3}-%{tx.anomaly_score_pl4},\
setenv:ModSecAnomalyScoreOutPLs=%{tx.outbound_anomaly_score_pl1}-%{tx.outbound_anomaly_score_pl2}-%{tx.outbound_anomaly_score_pl3}-%{tx.outbound_anomaly_score_pl4},\
setenv:ModSecAnomalyScoreIn=%{TX.anomaly_score},\
setenv:ModSecAnomalyScoreOut=%{TX.outbound_anomaly_score}"
[...]
nginx.conf
[...]
log_format server '$remote_addr $loc $webapp [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" ss"$ModSecTimeIn"';
[...]
Where in Apache you would be able to use the env vars like this:
ErrorLogFormat "[%{cu}t] [%-m:%-l] %-a %-L %M"
LogFormat "%h %{GEOIP_COUNTRY_CODE}e %u [%{%Y-%m-%d %H:%M:%S}t.%{usec_frac}t] \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\" \"%{Content-Type}i\" %{remote}p %v %A %p %R \
%{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
%I %O %{ratio}n%% %D %{ModSecTimeIn}e %{ApplicationTime}e %{ModSecTimeOut}e \
%{ModSecAnomalyScoreInPLs}e %{ModSecAnomalyScoreOutPLs}e \
%{ModSecAnomalyScoreIn}e %{ModSecAnomalyScoreOut}e" extended