Executing shell scripts
ModSecurity can execute an external shell script when a rule matches. This is done via the exec action. This is a very powerful technique that allows you to invoke the full power of your favorite scripting language to take further action when a rule match occurs. You can in fact also invoke a binary program file, though most of the time a shell script will be more convenient to execute.
The invoked file must be executable by the Apache process, so make sure that you set the permissions on the file correctly. One catch when invoking a script is that the script must write something to stdout. If your script doesn't do this, ModSecurity will assume the execution has failed, and you will get the error message Execution failed while reading output in the Apache error log file.
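As an added example (not code from the original text), here is a handler script that satisfies the stdout requirement while treating request data as untrusted. The script path, the log path, the rule in the comment and the choice to log to a file instead of sending mail are assumptions made for illustration; REMOTE_ADDR and REQUEST_URI are the usual CGI-style environment variables that exec makes available to the script.

```shell
#!/bin/sh
# Added example: alert handler for ModSecurity's exec action.
# Constructed rule that would invoke it (path is hypothetical):
#   SecRule ARGS "drop table" "deny,exec:/usr/local/bin/modsec_alert.sh"
# exec passes no arguments. Request details arrive as CGI-style environment
# variables, which hold attacker-controlled data and are never eval'd here.

ALERT_LOG="${ALERT_LOG:-/tmp/modsec_exec_alert.log}"   # hypothetical log path

# Strip control characters (prevents forged log lines) and cap the length.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | cut -c1-200
}

# Build one alert record from the environment.
build_alert() {
    printf 'client=%s uri=%s' \
        "$(sanitize "${REMOTE_ADDR:-unknown}")" \
        "$(sanitize "${REQUEST_URI:-unknown}")"
}

# Record the alert, then report on stdout.
handle_alert() {
    # A logging failure must not suppress the stdout line below.
    { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(build_alert)" \
        >> "$ALERT_LOG"; } 2>/dev/null || true
    # ModSecurity reads the script's stdout; empty output is logged as
    # "Execution failed while reading output".
    echo "alert handled"
}

handle_alert
```

The file still has to be executable by the user the Apache process runs as, and the log path must be writable by that user.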
Sending alert emails
As an example, suppose that we wanted to execute a script to email us an alert message whenever an attempted SQL injection exploit was detected. To do this, we need two things...