Wireshark capture https
6/4/2023

Table of Contents
What are we doing?
Why are we doing this?
Requirements
Step 1: Using ModSecurity to capture the entire traffic
Step 2: Using ModSecurity to write the entire traffic of a single session
Step 3: Sniffing client traffic with the server/reverse proxy
Step 4: Capturing encrypted traffic between the client and the server/reverse proxy
Step 5: Decrypting traffic
Step 6: Sniffing traffic between the reverse proxy and the application server
References
License / Copying / Further use

What are we doing?
We are capturing the entire HTTP traffic. We will also be decrypting traffic where necessary.

Why are we doing this?
In daily life, when operating a web or reverse proxy server, errors that can only be handled with difficulty come up again and again. In numerous cases there is a lack of clarity about what has just passed over the line, or there is disagreement about exactly which end of the communication was responsible for the error. In cases such as these it is important to be able to capture the entire traffic in order to narrow down the error on this basis.

Requirements
An Apache web server, ideally one created using the file structure shown in Tutorial 1 (Compiling an Apache web server).
Understanding of the minimal configuration in Tutorial 2 (Configuring a minimal Apache server).
An Apache web server with SSL/TLS support as in Tutorial 4 (Configuring an SSL server).
An Apache web server with extended access log as in Tutorial 5 (Extending and analyzing the access log).
An Apache web server with ModSecurity as in Tutorial 6 (Embedding ModSecurity).
An OWASP ModSecurity Core Rule Set installation as in Tutorial 7 (Embedding ModSecurity Core Rules).
A reverse proxy as in Tutorial 9 (Setting up a reverse proxy).

Step 1: Using ModSecurity to capture the entire traffic
In Tutorial 6 we saw how we are able to configure ModSecurity to capture the entire traffic from a single client IP address. However, depending on the settings of the SecAuditLogParts directive, not all parts of the requests are recorded.