How to access rule details in lua

Question

How to access rule details in lua

sharmashivanand opened this issue 3 years ago · 1 comments

How to access rule.msg or rule.tag via lua?

modsecurity_rules 'SecRule RESPONSE_STATUS "@streq 403" "id:221,log,logdata:\'!!!!!!!!!!!!! CAUGHT !!!!!!!!!!!!!!!!\',exec:/tmp/test.lua"';

Here's the Lua script

#!/usr/bin/lua


function main()
    -- This executes on service start
    m.log(1, "Starting script execution \n")
    local fileHandle = assert(io.open('/tmp/lua_output.txt', 'a+'))
    fileHandle:write("--- REMOTE_ADDR ---\n")
    fileHandle:write(m.getvar("REMOTE_ADDR"))
    fileHandle:write(m.getvar("rule var / specs"))
    fileHandle:write()
    fileHandle:write("\n")
    -- This executes on service shutdown
    m.log(1, "Script execution finished\n")
end

Answer 1 · 2022-02-17T19:00:30.000Z

Hello @sharmashivanand ,

One option available to you is to use a TX variable to hold the string that you want to share with your lua script and use that same TX variable content for your 'logdata' (etc.) action. Have a look at owasp-modsecurity/ModSecurity#2527 for a roughly similar idea.