Hi,

In the documentation undersetenv there is a sentenceDescription: Creates and updates environment variables that can be accessed by both ModSecurity and the web server.

I have rule that detects specific forms actions from GET and POST requests (parameter called "formaction"). I expanded the rule by registering asetenv variable called CUSTOMFORMACTION. This part all works - rule triggers, writes to log and all that. Now comes the issue.

How am I supposed to access this new env variable in Nginx? When I just try to access it by$CUSTOMFORMACTION or$customformaction I get an nginx error on startup:nginx: [emerg] unknown 'customformaction' variable. Is there a special way of accessing the variable?

My ultimate goal is to create a configuration entry like this:proxy_set_header x-custom-form-action $CUSTOMFORMACTION.

or is there an way to add a header from a modsecurity rule in nginx like there is supposed to be in apache (using mod_headers)

Edit: From debug log I can see that ModSecurity is creating thesetenv variable with the correct value (well it is till encapsulated between / / - but I think this would not stop it from working at this point), but innginx debug log I see no mention of that variable other than in generic phase 6 there is a reference to the ModSecurity rule match. Nothing likehttp script var event or similar