apache - configure error page to show the log of modsecurity -


i looking way make msg information of rule (which rule had been triggered) appears in error and/or audit log files , sent client in response headers. understand there phase "msg" doesn't sent client in response headers information it's doesn't me. want see information of log in error page in html, can do? thank help, vladi.

it's bad idea let client know went wrong. hacker use work around security framework. better approach combination of mod_unique_id , customized error pages. steps follow:

  • enable mod_unique_id apache configuration
  • create customized error pages http return codes you're interested in (example below)
  • enable in apache config (errordocument 403 /<url_path_to>/403.php example)

here's example 403 error page, let's call 403.php (and no, pure static page won't work):

<?php  $protocol = $_server['server_protocol'];  header("$protocol 403 forbidden");  header("status: 403 forbidden");  header("connection: close");  $msg = $_server["unique_id"]; ?> <html><head>  <title>you have no access resource (403)</title> </head><body> <p>an error occured. please tell admin error code: <?php echo $msg; ?></p> </body></html> 

that's abbreviated variant no styling etc (you might want enhance this), incidentally kept simple understanding. $msg print unique code. client can tell code, , can use exact line in error log, see rule triggered etc.


Comments

Popular posts from this blog

Why does Ruby on Rails generate add a blank line to the end of a file? -

keyboard - Smiles and long press feature in Android -

node.js - Bad Request - node js ajax post -