• caglararli@hotmail.com
  • 05386281520

How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set

Çağlar Arlı      -    27 Views

How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set

I have three custom HTTP headers called X-Username, X-Role and X-Realm, I want to log the content of this header in the warning logs when some of the the rules are matched for a HTTP request.

I have edited one rule to log the header values

ModSecurity: Warning. Matched "Operator Gt' with parameter 5' against variable TX:ANOMALY_SCORE' (Value: 30' ) [file "/usr/local/coreruleset-4.4.0/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf"] [line "82"] [id "9990004"] [rev ""] [msg "Blocking request with captured headers"] [data "X-Username: username, X-Role: admin, X-Realm: realm"] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [tag "application-attack"] [hostname "10.38.135.193"] [uri "/"] [unique_id "173028670423.657145"] [ref ""]

How do I add this data to every rule without manually editing each one?