Export ModSecurity rule error report

This function submits ModSecurity™ rule error reports to a remote receiver. The third party rule vendors use these error reports to identify problems with their rule sets.

Important:

When you disable the Web Server role, the system disables this function.

SecurityBasicAuth
Request
query Parameters
email
required
string <email>

The contact email address to send with the error report. This allows the rule's vendor to reply to the user directly.

Example: email=john.doe@example.com
message
required
string

A short message that explains the reason for the report.

Example: message=Hi. We're having some trouble with this rule. It seems to be blocking all requests.
row_ids
required
integer

The MySQL® row IDs from the hits table in the modsec database for the audit log event to report.

Note:

If you specify more than one row ID:

  • You must comma-separate the rule IDs.
  • The rule IDs must all correspond to the same ModSecurity rule.
Examples:
row_ids=794828, 794829, 794820
row_ids=794828
send
required
integer

Whether the function sends the report to the rule's vendor.

  • 1 — Send the report.
  • 0 — Do not send the report.
Enum: 1 0
Example: send=1
type
required
string

The report's type.

Note:

This value does not use a specified format. Treat the value as freeform text.

Example: type=false positive
Responses
200

HTTP Request was successful.

Response Schema: application/json
object
object
get/modsec_report_rule
Request samples 
whmapi1 --output=jsonpretty \
  modsec_report_rule \
  row_ids='794828' \
  message=$'Hi. We\'re having some trouble with this rule. It seems to be
blocking all requests.' \
  email='john.doe@example.com' \
  type='false positive' \
  send='1'
Response samples
application/json
{
  • "data": {
    • "report": [
      • {
        • "email": "john.doe@example.com",
        • "hits": [
          • {
            • "action_desc": "Access denied with code 406 (phase 2).",
            • "handler": null,
            • "host": "example.com",
            • "http_method": "GET",
            • "http_status": 406,
            • "http_version": "HTTP/1.1",
            • "id": 794828,
            • "ip": "10.215.215.236",
            • "justification": "Unconditional match in SecAction.",
            • "meta_file": "/usr/local/apache/conf/modsec_vendor_configs/MyVendor/one.conf",
            • "meta_id": 12345694,
            • "meta_line": 1,
            • "meta_logdata": null,
            • "meta_msg": "Method is not allowed by policy",
            • "meta_offset": 0,
            • "meta_rev": 1,
            • "meta_severity": "CRITICAL",
            • "meta_uri": null,
            • "path": "/something",
            • "timestamp": "2019-10-13T07:58:04.000Z",
            • "timezone": "-300"
            }
          ],
        • "message": "Hi. We're having some trouble with this rule. It seems to be blocking all requests.",
        • "rule_text": "SecAction \"deny,auditlog,id:'12345694'\"\n",
        • "type": "false positive"
        }
      ]
    },
  • "metadata": {
    • "command": "modsec_report_rule",
    • "reason": "OK",
    • "result": 1,
    • "version": 1
    }
}
©2024 WebPros International, LLC All rights reserved.Privacy PolicyTrademarks