Best way is to avoid redirects completely: show requested application page if
user is authenticated, otherwise show login page. This is what happens if you
use apache authentication modules, like mode_auth_basic (warning: SSL is
mandatory for it). Some applications use redirects, but pass origin
I also tried for example:
SecDefaultAction
"phase:2,deny,log,status:406,setenv:'env_modsecblk=%{rule.msg}'"
Header always set X-ModSec-Block %{env_modsecblk}e env=env_modsecblk
But that also fails with:
AH00526: Syntax error on line 21 of /usr/local/apache/conf/modsec2.conf:
Cannot parse con
Hello again :)
So I went to the modsec lists, figured out how to get the environment
variable set with the rule message by default for all rules, then push the
'msg' to a custom X header from there. For example:
SecDefaultAction "phase:2,deny,log,setenv:'env_msecblk=%{rule.msg}'"
Header always se
Hi,
I'm trying to setup an environment with a frontend interface which login
and redirects to my application.
The scenario is: The user access with webmail.domain.com and the login page
redirects to the application, running on the same host, but on port 81.
How could I keep the original URL? I m
