ModSecurity: Creating a new Request Header from SecRule

Consider the following redirect SecRule which is activated from a Lua script

SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found',setvar:REQUEST_HEADERS:Blocked"

When the variable tx.sqli is given a value, the rule is activated. The redirection is successful, but the rule attempts to create a new "Blocked" request header. However, the creation is unsuccessful.

The log in the debugger outputs the following:

Could not set variable "REQUEST_HEADERS.Blocked" as the collection does not exist.

This is obviously incorrect. How does ModSecurity create a new request header?


Solution 1:

In ModSecurity most of the standard collections (including REQUEST_HEADERS) are read-only. You would therefore set a variable, not a REQUEST_HEADER.

It doesn't usually make sense to set a REQUEST_HEADER. A RESPONSE_HEADER I can see more use for, but it's similarly read-only, and to alter that you need to use the standard mod_headers module:

# Use ModSecurity to set an env variable (the action is spelled setenv; the
# value is exported into Apache's per-request environment)
SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,setenv:BLOCK_RESPONSE=1"

# Use mod_headers to set a response header based on that env variable
Header set Blocked "True" env=BLOCK_RESPONSE

Though honestly I'm not sure how or if that would work with a redirect as a ModSecurity action, or whether that happens immediately.
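A complete fragment putting the two pieces together, added here as an example and not taken from the question or the answer. It assumes mod_security2 and mod_headers are loaded and that tx.sqli is set elsewhere (the Lua script from the question), keeps the original rule id, and uses the `always` condition of mod_headers because a redirect is a locally generated non-2xx response, for which only the `always` header table is applied:

```apache
# Added example; not the asker's or answerer's configuration.
# Assumes mod_security2 and mod_headers are loaded and that tx.sqli is
# populated elsewhere (e.g. by the Lua script mentioned in the question).

# What the question tried, kept commented out for comparison:
# REQUEST_HEADERS is a read-only collection, so setvar fails with
# "collection does not exist" and no header is ever created.
# SecRule &TX:SQLI "@eq 1" \
#     "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,\
#     msg:'SQLi Injection Payload Found',setvar:REQUEST_HEADERS:Blocked"

# Working variant: export the block decision as an environment variable.
# setenv is non-disruptive, so it runs before the redirect is performed.
SecRule &TX:SQLI "@eq 1" \
    "id:'129793',phase:2,t:none,\
    msg:'SQLi Injection Payload Found',\
    setenv:BLOCK_RESPONSE=1,\
    redirect:http://www.example.com/failed.html"

# Let mod_headers turn that variable into a response header. The redirect
# is a locally generated 3xx response, and only the "always" table is used
# for those, so a plain "Header set" would not reach the client here.
Header always set Blocked "True" env=BLOCK_RESPONSE
```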