Skip to content

Fix error logging for standalone module #3374

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 14, 2025
Merged

Fix error logging for standalone module #3374

merged 2 commits into from
May 14, 2025
+17 −2

Conversation

RedXanadu
Copy link

what

This PR:

  • Restores the original format string for error logging for ModSecurity when compiled as a standalone module.
  • The format string has the explicit [client %s] back again: this is required for standalone modules as Apache is not present to implicitly log the client source IP address.
  • The fix is achieved by adding conditional compilation directives so that for standalone mode the old error logging format strings are used.

why

It is essential for the client source IP address to be written to the error log. This is required for resolving false positives, monitoring, detecting attacks, and the majority of day to day WAF operations.

This PR fixes the bug introduced in an attempt to tidy error logging for Apache in PR #3192.

references

closes #3373

@RedXanadu RedXanadu mentioned this pull request May 9, 2025
Closed
@RedXanadu
Copy link
Author

I have tested this on a standalone installation of ModSecurity v2.9.8 and can confirm that it restores client IP address logging as intended.

@airween
Copy link
Member

airween commented May 9, 2025

A reminder to me (or to us 😄) - we should add more tests, eg. which will check standalone build (and test it...?) too.

airween
airween previously approved these changes May 9, 2025
View reviewed changes
@airween
Copy link
Member

airween commented May 13, 2025

Thanks @RedXanadu,

my last request: could you pick up the current state from v2/master and rebase your tree? I've added some new tests. Thanks!

RedXanadu added 2 commits May 14, 2025 11:51
@RedXanadu
Add extra conditional compilation for err logging
652b942 
Restores the original format string for error logging for ModSecurity
when compiled as a standalone module. Specifically, the format string
has "[client %s]" back again: this is required for standalone modules as
Apache is not present to implicitly log the client source IP address.
@RedXanadu
Correct indentation
0c7dadc
@RedXanadu RedXanadu force-pushed the fix_standalone_error_logging branch from b16f088 to 0c7dadc Compare May 14, 2025 10:52
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@RedXanadu
Copy link
Author

RedXanadu commented May 14, 2025
edited
Loading

@airween Sure: now rebased onto the current v2/master.

@airween
Copy link
Member

airween commented May 14, 2025

@airween Sure: now rebased onto the current v2/master.

Awesome, thank you!

airween
airween approved these changes May 14, 2025
View reviewed changes
Copy link
Member

@airween airween left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@airween airween merged commit 9bc3300 into owasp-modsecurity:v2/master May 14, 2025
82 checks passed
@RedXanadu RedXanadu deleted the fix_standalone_error_logging branch May 14, 2025 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@airween airween airween approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RedXanadu @airween