ModSecurity Series, Part 3: Rules 3 - Actions

Actions

Actions make ModSecurity tick. They make it possible to react to events and, more importantly, they are the glue that holds everything else together and makes the advanced features possible. They are also the most overloaded element of the rule language. Because of the constraints of the Apache configuration syntax, within which the rule language exists, actions are used to carry everything other than variables and operators. Actions can be split into 7 categories.

Disruptive actions
Disruptive actions (Table 5.13, “Disruptive actions”) specify what a rule wants to do on a match. Each rule must be associated with exactly one disruptive action. The pass action is the only exception, as it will allow processing to continue when a match occurs. All other actions from this category will block in some specific way.

Action Description
allow Stop processing of one or more remaining phases
block Indicates that a rule wants to block
deny Block transaction with an error page
drop Close network connection
pass Do not block, go to the next rule
proxy Proxy request to a backend web server
redirect Redirect request to some other web server


Flow actions
Flow actions (Table 5.14, “Flow actions”) alter the way rules are processed within a phase.

chain Connect two or more rules into a single logical rule
skip Skip over one or more rules that follow
skipAfter Skip to the rule or marker with the provided ID


Metadata actions
Metadata actions (Table 5.15, “Metadata actions”) provide additional information about rules. The information is meant to accompany the error messages to make it easier to understand why they occurred.

id Assign unique ID to a rule
phase Phase for a rule to run in
msg Message string
rev Revision number
severity Severity
tag Tag


Variable actions
Variable actions (Table 5.16, “Variable actions”) deal with variables. They allow you to set, change and remove variables.

capture Capture results into one or more variables
deprecatevar Decrease numerical variable value over time
expirevar Remove variable after a time period
initcol Create a new persistent collection
setenv Set or remove an environment variable
setvar Set, remove, increment or decrement a variable
setuid Associate current transaction with an application user ID (username)
setsid Associate current transaction with an application session ID


Logging actions
Logging actions influence the way logging is done. The actions that influence whether logging takes place (auditlog, log, noauditlog, and nolog) only control how the current rule affects logging if it matches. To control logging for the transaction as a whole you’ll need to use the ctl action.

auditlog Log current transaction to audit log
log Log error message; implies auditlog
logdata Log supplied data as part of error message
noauditlog Do not log current transaction to audit log
nolog Do not log error message; implies noauditlog
sanitiseArg Remove request parameter from audit log
sanitiseMatched Remove parameter in which a match occurred from audit log
sanitiseRequestHeader Remove request header from audit log
sanitiseResponseHeader Remove response header from audit log


Special actions
Special actions (Table 5.18, “Special actions”) are gateways of sorts; they provide access to another class of functionality. The ctl action has several sub-actions of its own and allows engine configuration to be changed, but only for the current transaction. The multiMatch action activates a special way of matching in which the rule operator is run after every transformation (normally, the operator is run only once after all transformations). The t action is used to specify zero or more transformations that will be applied to variables before an operator is run.

ctl Change configuration of current transaction
multiMatch Activate multi-matching, where an operator runs after every transformation
t Specify transformation functions to apply to variables before matching


Miscellaneous actions
Miscellaneous actions (Table 5.19, “Miscellaneous actions”) contain the actions that don’t belong in any of the other groups.

append Append content to response body
exec Execute external script
pause Pause transaction
prepend Prepend content to response body
status Specify response status code to use with deny and redirect
xmlns Specify name space for use with XPath expressions
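
The rule set below is an added example, not part of the original post: it combines actions from each category above into a small failed-login limiter for ModSecurity 2.x. The rule IDs, the /login and /healthz paths, the password parameter name and the thresholds are assumptions chosen for illustration.

```apache
# Constructed example; IDs come from the range reserved for local rules.

# Variable action: open a persistent per-client collection.
# "pass" is the disruptive action, "nolog" the logging action.
SecAction "id:10001,phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Special action: ctl changes engine settings for this transaction only.
# Here audit logging is switched off for a (hypothetical) health check.
SecRule REQUEST_FILENAME "@streq /healthz" \
    "id:10002,phase:1,t:none,nolog,pass,ctl:auditEngine=Off"

# Disruptive + metadata + logging actions: deny once the counter in the
# collection exceeds the threshold, with an explicit status code.
SecRule IP:FAILED_LOGINS "@gt 5" \
    "id:10003,phase:1,t:none,deny,status:403,log,auditlog,\
    msg:'Too many failed logins',\
    logdata:'%{ip.failed_logins} failures from %{REMOTE_ADDR}',\
    severity:'WARNING',tag:'example/login-limit',rev:'1'"

# Logging action: keep the password parameter out of the audit log.
SecRule REQUEST_FILENAME "@streq /login" \
    "id:10004,phase:2,t:none,t:lowercase,nolog,pass,sanitiseArg:password"

# Flow action: chain joins two rules into one logical rule. id, phase and
# the disruptive action go on the first rule; setvar/expirevar sit on the
# last rule so they run only when the whole chain has matched.
SecRule REQUEST_FILENAME "@streq /login" \
    "id:10005,phase:5,t:none,t:lowercase,nolog,pass,chain"
    SecRule RESPONSE_STATUS "@streq 401" \
        "setvar:ip.failed_logins=+1,expirevar:ip.failed_logins=300"
```

Rule order matters within a phase: 10001 must precede 10003 so that the ip collection exists before the counter is read.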





