owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

SSL cert entry logs are not present in /var/logs/modsec_audit.log file. #3272

Open vivekch0976 opened 1 week ago

vivekch0976 commented 1 week ago

Describe the bug

I am trying to allow a specific SSL certificate. I already set rules inside /etc/nginx/modsec/rules/ssl-client_certifcate.conf and also configured nginx to take this certificate. I am able to do curl with the client cert and key, but it's not logging inside modsec_audit.log.

airween commented 1 week ago

hi @vivekch0976,

could you share your ssl-client_certificate.conf file? What do your rules look like?

Also, please take a look at the new issue page: choose a version and please fill it in carefully. E.g. we need to know the versions, etc.

vivekch0976 commented 6 days ago

Hello @airween here it is.

    SecRule REQUEST_HEADERS:X-SSL-CERT "contains '<client-crt-cn>'" \
        "id:1001,phase:1,t:none,log,pass,msg:'Allowed SSL certificate'"

airween commented 6 days ago

Thanks,

are you sure the X-SSL-CERT header is there?

You can set up your debug log:

    SecDebugLogLevel 9
    SecDebugLog /var/log/nginx/modsec_debug.log

Restart your Nginx and check again. You have to see the rule's result in that log, e.g.

.... Rule returned 0.

or

.... Rule returned 1.

If the value is 0 then it means:

vivekch0976 commented 6 days ago

Hello, yes, the header is there in my own nginx conf file

    # Only add the header if the client certificate is valid
    if ($ssl_client_verify = SUCCESS) {
        add_header X-SSL-CERT $ssl_client_s_dn;
    }

    # Optional: Respond with 400 if the certificate is not valid
    if ($ssl_client_verify != SUCCESS) {
        return 400 "Client certificate required and not provided or invalid.";
    }

But still I am not able to see anything in the logs. I am testing via curl command (sudo curl -v --insecure --key client.pem --cert client.crt --cacert /etc/nginx/ssl/ca.crt https://, also I am using a self-signed certificate.) Thanks
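
An added example, not part of the thread or of ModSecurity's own code: a Python script that reads a level-9 debug log like the one enabled above and reports, per rule, whether any target value was inspected before `Rule returned 0.` was written. The sample lines are constructed, rule 1002 is hypothetical, and every part of the line layout other than the `Rule returned N.` text quoted in the thread is an assumption modelled on libmodsecurity v3 output.

```python
import re

# Constructed sample lines (assumed v3-style layout). Assumption: when the
# inspected variable does not exist, no "Target value" line is logged.
# An operator string without a leading "@" is parsed as @rx (shown as "Rx").
SAMPLE_LOG = """\
[1700000000.1] [/] [4] (Rule: 1001) Executing operator "Rx" with param "contains '<client-crt-cn>'" against REQUEST_HEADERS:X-SSL-CERT.
[1700000000.1] [/] [4] Rule returned 0.
[1700000000.1] [/] [4] (Rule: 1002) Executing operator "Contains" with param "curl" against REQUEST_HEADERS:User-Agent.
[1700000000.1] [/] [9] Target value: "curl/8.5.0" (Variable: REQUEST_HEADERS:User-Agent)
[1700000000.1] [/] [4] Rule returned 1.
"""

EXEC = re.compile(r'\(Rule: (\d+)\) Executing operator "(\w+)" with param "(.*)" against (\S+?)\.$')
TARGET = re.compile(r'Target value: "(.*)" \(Variable: (.+)\)$')
RESULT = re.compile(r'Rule returned ([01])\.$')

def summarize(log_text):
    """Return {rule_id: details} for the last evaluation of each rule."""
    rules, current = {}, None
    for line in log_text.splitlines():
        if m := EXEC.search(line):
            current = rules[m.group(1)] = {
                "operator": m.group(2), "param": m.group(3),
                "variable": m.group(4), "targets": [], "returned": None,
            }
        elif current is not None and (m := TARGET.search(line)):
            current["targets"].append(m.group(2))   # variable actually inspected
        elif current is not None and (m := RESULT.search(line)):
            current["returned"] = int(m.group(1))
            current = None                           # evaluation finished
    return rules

def diagnose(entry):
    """Separate 'nothing to inspect' from 'inspected but no match'."""
    if entry["returned"] == 1:
        return "matched"
    if not entry["targets"]:
        return "variable absent: nothing was inspected"
    return "variable present, operator did not match"

if __name__ == "__main__":
    for rule_id, entry in summarize(SAMPLE_LOG).items():
        print(rule_id, entry["operator"], entry["variable"], "->", diagnose(entry))
```
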