corazawaf / coraza

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
https://www.coraza.io
Apache License 2.0

TIME variables support #1220

Open geoolekom opened 1 week ago

geoolekom commented 1 week ago

Summary

We would like to request support for the TIME variable and other time-related variables (TIME_DAY, TIME_EPOCH, etc.) in Coraza WAF. These variables are critical for logging and rule creation, improving the granularity and usability of logs.

Basic example

For example, a rule like this would benefit from such variables:

SecRule ARGS:exec "@contains /bin/bash" "id:1234,log,deny,msg:'[%{TIME_EPOCH}] Request blocked.'"

These variables would provide more comprehensive information in logs:

[ModSecurity] [1699951234] Request blocked.

Motivation

Adding support for TIME and related variables would enhance Coraza's functionality, aligning it more closely with ModSecurity features. This is particularly useful for implementing time-based rules and improving the context of logged events, such as debugging and rule evaluation.

Could you also advise on the preferred approach for implementation? We are interested in contributing via a pull request and would like to align with project guidelines.
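
An added example, not part of the original issue and not Coraza's code: one way to take a single clock snapshot per transaction and expand `%{TIME_EPOCH}`-style macros in a rule message, reproducing the log line shown in the issue. The names `TimeVars` and `ExpandMacros`, the subset of variables, and the field formats (unpadded decimals, `TIME` as hour:minute:second) are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// macroRe matches ModSecurity-style macros such as %{TIME_EPOCH}.
var macroRe = regexp.MustCompile(`%\{([A-Za-z0-9_]+)\}`)

// TimeVars derives the time variables from one instant. Taking the snapshot
// once per transaction keeps every rule and log line of that transaction
// consistent. Formats here are assumptions of this example (hypothetical helper).
func TimeVars(now time.Time) map[string]string {
	return map[string]string{
		"TIME":       now.Format("15:04:05"),
		"TIME_EPOCH": strconv.FormatInt(now.Unix(), 10),
		"TIME_YEAR":  strconv.Itoa(now.Year()),
		"TIME_DAY":   strconv.Itoa(now.Day()),
		"TIME_HOUR":  strconv.Itoa(now.Hour()),
		"TIME_MIN":   strconv.Itoa(now.Minute()),
		"TIME_SEC":   strconv.Itoa(now.Second()),
	}
}

// ExpandMacros replaces known %{NAME} macros in a rule message. Unknown
// macros are left untouched so a typo in a rule stays visible in the log.
func ExpandMacros(msg string, vars map[string]string) string {
	return macroRe.ReplaceAllStringFunc(msg, func(m string) string {
		name := macroRe.FindStringSubmatch(m)[1]
		if v, ok := vars[name]; ok {
			return v
		}
		return m
	})
}

func main() {
	// Constructed input: the epoch value from the issue's sample log line.
	now := time.Unix(1699951234, 0).UTC()
	fmt.Println(ExpandMacros("[%{TIME_EPOCH}] Request blocked.", TimeVars(now)))
}
```

The values come from the server's clock only, never from request data, so the expanded message cannot be influenced by the client.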

jptosso commented 1 week ago

Noted. We are missing this feature.