How to log custom http headers in ModSecurity Warning while using OWASP Core Rule Set
I have three custom HTTP headers called X-Username, X-Role and X-Realm, I want to log the content of this header in the warning logs when some of the the rules are matched for a HTTP request.
I have edited one rule to log the header values
ModSecurity: Warning. Matched "Operator
Gt' with parameter5' against variableTX:ANOMALY_SCORE' (Value:30' ) [file "/usr/local/coreruleset-4.4.0/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf"] [line "82"] [id "9990004"] [rev ""] [msg "Blocking request with captured headers"] [data "X-Username: username, X-Role: admin, X-Realm: realm"] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [tag "application-attack"] [hostname "10.38.135.193"] [uri "/"] [unique_id "173028670423.657145"] [ref ""]
How do I add this data to every rule without manually editing each one?
