Blame ext/README

Packit Service 384592
Custom ModSecurity Modules
--------------------------

This directory contains three examples of how you can extend
ModSecurity without having to touch it directly, simply
by creating custom Apache modules.

NOTE: ModSecurity must be compiled with API support
      to use this feature (the API is enabled by default,
      but it will have been disabled if you used -DNO_MODSEC_API).


Building the Example Custom Modules
-----------------------------------

1) Example custom transformation function module

Module mod_tfn_reverse.c creates a custom transformation
function "reverse" that reverses the content it receives
on input.

  # Compile as a normal user
  apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
       -ca mod_tfn_reverse.c

  # Install as superuser
  sudo apxs -i mod_tfn_reverse.la


2) Example custom operator module

Module mod_op_strstr.c creates a custom operator "strstr"
that implements fast matching using the Boyer-Moore-Horspool
algorithm.

  # Compile as a normal user
  apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
       -ca mod_op_strstr.c

  # Install as superuser
  sudo apxs -i mod_op_strstr.la


3) Example custom target variable module

Module mod_var_remote_addr_port.c creates a custom variable "REMOTE_ADDR_PORT"
that combines the REMOTE_ADDR and REMOTE_PORT into a.b.c.d:port format.

  # Compile as a normal user
  apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
       -ca mod_var_remote_addr_port.c

  # Install as superuser
  sudo apxs -i mod_var_remote_addr_port.la


4) Example custom request body parser module

Module mod_reqbody_example.c creates a custom request body parser named
"EXAMPLE".  It does nothing in particular, but shows the basic structure
of such a module.

  # Compile as a normal user
  apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
       -ca mod_reqbody_example.c

  # Install as superuser
  sudo apxs -i mod_reqbody_example.la

  # Write a phase 1 rule to set the parser
  SecAction "phase:1,pass,nolog,ctl:requestBodyProcessor=EXAMPLE"


Using the Modules
-----------------

Once the modules are built and installed, you load them like any other Apache module, but they must be loaded *after* the mod_security2.so module.

  # Load ModSecurity
  LoadModule security2_module modules/mod_security2.so

  # Load ModSecurity custom modules
  LoadModule tfn_reverse_module modules/mod_tfn_reverse.so
  LoadModule op_strstr_module modules/mod_op_strstr.so
  LoadModule var_remote_addr_port_module modules/mod_var_remote_addr_port.so

  # All three custom var/op/tfn used
  SecRule REMOTE_ADDR_PORT "@strstr 1.2.3.4:5678" "t:reverse"
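
The "strstr" operator above is described as using Boyer-Moore-Horspool matching. The following is an added example, not the code of mod_op_strstr.c, showing that algorithm over length-delimited buffers so that embedded NUL bytes in inspected data do not end the search early. The function name bmh_find and the sample value are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Boyer-Moore-Horspool search over length-delimited buffers (no NUL
 * terminator is needed, so NUL bytes inside the data are matched like
 * any other byte). Returns the offset of the first match, or -1.
 * bmh_find is a hypothetical name, not a ModSecurity API function. */
long bmh_find(const unsigned char *hay, size_t hlen,
              const unsigned char *pat, size_t plen)
{
    size_t shift[UCHAR_MAX + 1];
    size_t i, pos = 0;

    if (plen == 0) return 0;     /* empty pattern matches at offset 0 */
    if (plen > hlen) return -1;  /* pattern cannot fit in the input */

    /* Bad-character table: the default shift is the full pattern length. */
    for (i = 0; i <= UCHAR_MAX; i++) shift[i] = plen;
    /* Bytes in the pattern (except the last) shift by their distance
     * to the pattern's end; later occurrences overwrite earlier ones. */
    for (i = 0; i + 1 < plen; i++) shift[pat[i]] = plen - 1 - i;

    while (pos <= hlen - plen) {
        /* Compare right to left within the current window. */
        i = plen;
        while (i > 0 && hay[pos + i - 1] == pat[i - 1]) i--;
        if (i == 0) return (long)pos;
        /* Skip using the input byte aligned with the pattern's last byte. */
        pos += shift[hay[pos + plen - 1]];
    }
    return -1;
}

int main(void)
{
    /* Constructed sample value in the a.b.c.d:port format described above. */
    const char *value = "1.2.3.4:5678";
    const char *pattern = "3.4:56";
    long off = bmh_find((const unsigned char *)value, strlen(value),
                        (const unsigned char *)pattern, strlen(pattern));
    printf("match offset: %ld\n", off);
    return off == 4 ? 0 : 1;
}
```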