Skip to content

[V3] Allow the callback function to receive and log a http return code #1919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[V3] Allow the callback function to receive and log a http return code #1919

wants to merge 1 commit into from
+4 −4

Conversation

@stevendore
Copy link
Contributor

@stevendore stevendore commented Sep 28, 2018

As discussed in #1916, there is an issue where the callback function will not insert the http return code into the message even though the audit log contained the correct message.
ex: callback: ModSecurity: Access denied with code %d (phase 2). Matched "Operator Rx with parameter a....
auditlog: ModSecurity: Access denied with code 200 (phase 2). Matched "Operator Rx with parameter a...

After some digging through the code for the process for the callback I found that the callback is only called through Transaction::serverLog() which contains the function ModSecurity::serverLog(m_logCbData, rm). ModSecurity has no access/reference to the Transaction::m_httpCodeReturned so it would have had to been passed by Transaction::serverLog() with this->m_httpCodeReturned to be able to be passed into the RuleMessage::log() to generate the callback message. After this patch I am able to get the http return code into the callback function message parameter.

Though I am unsure how/if props should be set or in ModSecurity::serverLog(). I am also unsure in the case that RuleMessageLogProperty is set, how to best pass the m_httpCodeReturned to the rule message or callback function.

Additionally I noticed in ModSecurity::serverLog() there might be bug due to the repeated code in the if statement.

@stevendore stevendore mentioned this pull request Sep 28, 2018
Closed
@victorhora victorhora requested a review from zimmerle October 13, 2018 23:29
@victorhora victorhora assigned victorhora and zimmerle and unassigned victorhora Oct 13, 2018
@victorhora victorhora added enhancement RIP - libmodsecurity 3.x Related to ModSecurity version 3.x labels Nov 1, 2018
@victorhora victorhora added this to the v3.0.4 milestone Nov 5, 2018
@zimmerle
Copy link
Contributor

zimmerle commented Nov 29, 2018

Hi @steven-j-wojcik,

As of v3.0.3 the logging schema was restructured, as a consequence this issue was mitigated. I am sorry to close this without a merge. Thanks for the contribution. I am putting your name as a contributor for the previous change.
https://github.com/SpiderLabs/ModSecurity/blob/af137442d5389fb24c5dece2dd951a2ce9e9c9aa/CHANGES#L31-L32

@zimmerle zimmerle closed this Nov 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zimmerle zimmerle Awaiting requested review from zimmerle

Assignees

@zimmerle zimmerle

Labels

3.x Related to ModSecurity version 3.x enhancement RIP - libmodsecurity

Projects

None yet

Milestone

v3.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@stevendore @zimmerle @victorhora