search

owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0
1.59k stars 282 forks source link

Print ModSecurity version from nginx connector #316

Closed theseion closed 7 months ago

theseion commented 7 months ago

With the nginx connector (v3), the log output currently looks like this:

2024/04/04 16:11:33 [notice] 630#630: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/824/0)
2024/04/04 16:11:37 [notice] 1#1: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/824/0)
2024/04/04 16:11:37 [notice] 1#1: using the "epoll" event method
2024/04/04 16:11:37 [notice] 1#1: nginx/1.25.3
2024/04/04 16:11:37 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14) 
2024/04/04 16:11:37 [notice] 1#1: OS: Linux 6.1.0-18-amd64

It would be helpful to also log the ModSecurity version, not only the connector version.

airween commented 7 months ago

Thanks, I think that's a really useful feature request.

What do you think, what would be the better solution: make a new, separated line, or would be fine to append to the first line (before the part (rules loaded...)?

theseion commented 7 months ago

I think it's fine to append it to the same line. The ModSec and connector versions belong together anyway. Maybe prepend it though: ModSecurity v3.0.12, ModSecurity-nginx v1.0.3....

airween commented 7 months ago

Please take a review: https://github.com/owasp-modsecurity/ModSecurity-nginx/pull/319.

theseion commented 7 months ago

Fixed by #319.