
re-integrated remove redundant actions #3518

Open
JonathanBerrew wants to merge 3 commits into owasp-modsecurity:v2/master from JonathanBerrew:remove-redundant-actions

JonathanBerrew commented Mar 18, 2026

This is a Marc Stern modification; I don't have much more insight into the code he made. To be reviewed with caution, and to check whether this is still relevant.

Example
In the configuration, I used:
Use SecAction "tag:ok,tag:ok,tag:ok,logdata:'ok'"
Without this modification, the log shows:

--f2f99046-A--
[13/Apr/2026:16:03:06.779497 +0200] adz3miH5jzx_M_q_TC69xgAAAAA x.x.x.x 57133 x.x.x.x 443
--f2f99046-B--
POST /api/toto2 HTTP/1.1
Accept-Language: en
X-Forwarded-For: 198.200.1.4
Cache-Control: no-cache
Postman-Token: b978be69-7049-415e-b090-02ff42601566
Host: mock-server
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: */*
Cookie:

--f2f99046-F--
HTTP/1.1 200 OK
X-Unique-id: waf-dev-SED/1/20260413160306/adz3miH5jzx_M_q_TC69xgAAAAA/-/20250509/-/20230503
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Robots-Tag: noindex
Reporting-Endpoints: coop=/!report/coop, csp=/!report/csp, default=/!report/default
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: report-to csp;report-uri /!report/csp;default-src 'self' blob:;script-src 'self' blob: 'unsafe-eval' 'report-sample';connect-src 'self' blob:;frame-ancestors 'self' blob:;frame-src 'self' blob: javascript:;img-src * data: blob:;font-src * data: blob:;media-src * data: blob:;form-action 'self' blob:;upgrade-insecure-requests
Content-Length: 3
Keep-Alive: timeout=5
Connection: Keep-Alive

--f2f99046-H--
Message: Warning. Unconditional match in SecAction. [data "ok"] [tag "ok"] [tag "ok"] [tag "ok"]
Apache-Error: [level 3] ModSecurity: Warning. Unconditional match in SecAction. [data "ok"] [tag "ok"] [tag "ok"] [tag "ok"] [hostname "mock-server"] [uri "/api/toto2"] [unique_id "adz3miH5jzx_M_q_TC69xgAAAAA"]
Apache-Handler: proxy-server
Stopwatch: 1776088986677111 102470 (- - -)
Stopwatch2: 1776088986677111 102470; combined=34051, p1=4530, p2=24029, p3=855, p4=555, p5=3488, sr=1137, sw=594, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/);
Server: Apache/2.4.62 (Rocky Linux) OpenSSL/3.5.1
WebApp-Info: "mock-server-s" "-" "-"
Sensor-Id: "waf-dev-SED/waf-dev-SED/1"
Engine-Mode: "ENABLED"

--f2f99046-Z--

And with the modification:

--395b846f-A--
[13/Apr/2026:15:53:20.865413 +0200] adz1UI2HHICzTKXSDCx9aQAAAAA x.x.x.x 49612 x.x.x.x 443
--395b846f-B--
POST /api/toto2 HTTP/1.1
Accept-Language: en
X-Forwarded-For: 198.200.1.4
Cache-Control: no-cache
Postman-Token: d2c53f94-b011-4ea7-b8ab-30c8034fa4f4
Host: mock-server
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: */*
Cookie:

--395b846f-F--
HTTP/1.1 200 OK
X-Unique-id: waf-dev-SED/1/20260413155320/adz1UI2HHICzTKXSDCx9aQAAAAA/-/20250509/-/20230503
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Robots-Tag: noindex
Reporting-Endpoints: coop=/!report/coop, csp=/!report/csp, default=/!report/default
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: report-to csp;report-uri /!report/csp;default-src 'self' blob:;script-src 'self' blob: 'unsafe-eval' 'report-sample';connect-src 'self' blob:;frame-ancestors 'self' blob:;frame-src 'self' blob: javascript:;img-src * data: blob:;font-src * data: blob:;media-src * data: blob:;form-action 'self' blob:;upgrade-insecure-requests
Content-Length: 3
Keep-Alive: timeout=5
Connection: Keep-Alive

--395b846f-H--
Message: Warning. Unconditional match in SecAction. [data "ok"] [tag "ok"]
Apache-Error: [level 3] ModSecurity: Warning. Unconditional match in SecAction. [data "ok"] [tag "ok"] [hostname "mock-server"] [uri "/api/toto2"] [unique_id "adz1UI2HHICzTKXSDCx9aQAAAAA"]
Apache-Handler: proxy-server
Stopwatch: 1776088400801312 64187 (- - -)
Stopwatch2: 1776088400801312 64187; combined=27574, p1=2607, p2=20304, p3=725, p4=479, p5=2963, sr=736, sw=496, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/);
Server: Apache/2.4.62 (Rocky Linux) OpenSSL/3.5.1
WebApp-Info: "mock-server-s" "-" "-"
Sensor-Id: "waf-dev-SED/waf-dev-SED/1"
Engine-Mode: "ENABLED"

--395b846f-Z--
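
A check that follows from the two log entries above, added here as an example (it is not part of the pull request or of ModSecurity): it pulls the `Message:` lines out of part H of a serial audit log entry and reports metadata fields that are repeated verbatim. Treating an exact name and value pair as the unit of redundancy is an assumption drawn from this one sample, and the function names are hypothetical.

```python
import re
from collections import Counter

# [name "value"] metadata fields as they appear in the Message lines above
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
BOUNDARY_RE = re.compile(r'--[0-9a-fA-F]+-([A-Z])--')

# Trimmed copies of the two entries in the comment above (parts B and F omitted)
BEFORE = """--f2f99046-A--
[13/Apr/2026:16:03:06.779497 +0200] adz3miH5jzx_M_q_TC69xgAAAAA x.x.x.x 57133 x.x.x.x 443
--f2f99046-H--
Message: Warning. Unconditional match in SecAction. [data "ok"] [tag "ok"] [tag "ok"] [tag "ok"]
Engine-Mode: "ENABLED"

--f2f99046-Z--
"""
AFTER = """--395b846f-A--
[13/Apr/2026:15:53:20.865413 +0200] adz1UI2HHICzTKXSDCx9aQAAAAA x.x.x.x 49612 x.x.x.x 443
--395b846f-H--
Message: Warning. Unconditional match in SecAction. [data "ok"] [tag "ok"]
Engine-Mode: "ENABLED"

--395b846f-Z--
"""

def h_section_messages(audit_entry):
    """Yield the text of each Message: line found in part H of one entry."""
    in_h = False
    for line in audit_entry.splitlines():
        boundary = BOUNDARY_RE.fullmatch(line.strip())
        if boundary:
            in_h = boundary.group(1) == "H"
        elif in_h and line.startswith("Message: "):
            yield line[len("Message: "):]

def redundant_fields(message):
    """Return {(name, value): count} for fields that occur more than once."""
    counts = Counter(FIELD_RE.findall(message))
    return {field: n for field, n in counts.items() if n > 1}

def dedupe_fields(message):
    """Keep only the first occurrence of each field (log normalisation)."""
    seen = set()
    def keep(match):
        first = match.group(0) not in seen
        seen.add(match.group(0))
        return match.group(0) if first else ""
    return re.sub(r" {2,}", " ", FIELD_RE.sub(keep, message)).strip()

if __name__ == "__main__":
    for name, entry in (("before", BEFORE), ("after", AFTER)):
        for msg in h_section_messages(entry):
            print(name, redundant_fields(msg))
```

Normalising with `dedupe_fields` lets alerting that counts or matches on tags treat logs from builds with and without the modification the same way.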

@sonarqubecloud

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud
