Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Implement support to variable WEBSERVER_ERROR_LOG inside libmodsecurity #1028

Closed
zimmerle opened this issue Dec 9, 2015 · 2 comments
Closed

Comments

@zimmerle
Copy link
Contributor

zimmerle commented Dec 9, 2015

More information about WEBSERVER_ERROR_LOG can be found at ModSecurity reference manual: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

@zimmerle zimmerle added this to the v3.0.0 milestone Dec 9, 2015
@zimmerle zimmerle modified the milestones: v3.0.0 owasp compatible, v3.0.0 feature complete Mar 28, 2016
@zimmerle zimmerle self-assigned this Jul 8, 2016
@zimmerle
Copy link
Contributor Author

zimmerle commented Jul 8, 2016

The variable WEBSERVER_ERROR_LOG is used by OWASP CRS version 3 and version 2, both versions read this variable to identify a possible request violation that was treated internally by Apache. As result of the reading, in case there is a request violation, a warning is generated.

Since it is not feasible to implement it in all platforms that we desire to support, I am removing the support to this variable. If you think otherwise, please re-open this issue for discussion.

@dune73
Copy link
Member

dune73 commented Jul 8, 2016

I agree the single CRS rule using this is not very useful. But the variable in general seems worthwhile.

Why is not feasible to support it on other platforms?

We have other variables that are empty in certain phases. Why can't it be empty, if the platform does not support it?

# for free to join this conversation on GitHub. Already have an account? # to comment
Projects
None yet
Development

No branches or pull requests

2 participants