SecRuleUpdateActionById redirect not working #2005
Comments
|
more investigation: the request with anomaly score 18 will not be blocked nether redirected nor writing the message, even it appears in modsecurity audit log as it matched the rules by taking (msg:'testing if it triggered',deny,redirect:'https://%{request_headers.host}/') to rule 959110 it works as expected (writing the msg and redirecting) |
|
Hi, @MonstreCharmant I've added the following test case to our regression: It seem that SecRuleUpdateActionById is working just fine with the redirect action. Can you confirm? |
Describe the bug
The redirect action doesn't work. I wanted to redirect a php-leakage page back to the index page, but it never did. This is the rule I used in RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf file:
Logs and dumps
Here are the DebugLogs (level 9), AuditLogs and Error logs
I also attached the "test.php" file, which I accessed to test the rule. You can easily expect the output.
The nginx.conf file is additional, in case that you'll want to have a look.
Steps to reproduce the behavior
Just access /test.php page and it seemed to lost connection. You can have a try.
Example error page
Expected behavior
It should redirect me back to the index page, but it didn't.
Server
ModSecurity version (and connector):
ModSecurity v3.0.3
Not sure, I only know it's v1.0.*
WebServer: nginx-1.14.2
OS: CentOS Linux release 7.6.1810 (Core)
Rule Set
OWASP ModSecurity Core Rule Set ver.3.2.0
Please let me know if you need any further information, thanks.
P.S.
An interesting thing is, if I set the outbound threshold to a larger value, the error page will be printed out, but still not redirceting me to the index page.
access.log
error.log
modsec_audit.log
modsec_debug.log
nginx.conf.txt
test.php.txt
website.conf.txt
The text was updated successfully, but these errors were encountered: