REQUEST_FILENAME variable is not getting correctly set
#2853
Labels
3.x
Related to ModSecurity version 3.x
Comments
|
Hello @PrajwalKrishna , Do you have a use case where REQUEST_FILENAME includes the domain when running with nginx and the Connector (ModSecurity-nginx)? |
|
Hey @martinhsv my use-case is more general where I use it as an edge firewall, I see some false positive when using core-rule sets which can be resolved if the domain name was not there. |
|
Bug is fixed in the by - #3048 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
REQUEST_FILENAMEvariable is not getting correctly set inTransaction::processURI()To Reproduce
Steps to reproduce the behavior:
Transactionvariable, define in transaction.hWe are get the value as
https://fruits.com/mango/apple.txt, instead of/mango/apple.txt.Expected behavior
REQUEST_FILENAMEvariable to be the relative path of the file (without domain name). This can be seen in the definition of the variable as per docs - https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#request_filename.Additional context
Solving this issue should be pretty simple, we do later parse the URI to remove the domain information, we should use the parsed URI. Happy to put up the fix, if this indeed is a bug.
The text was updated successfully, but these errors were encountered: