Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unique_ID is merely timestamp and not necessarily unique in v3.0.5-3.0.7 #2752

Closed
datkps11 opened this issue Jun 1, 2022 · 4 comments · Fixed by #2758
Closed

Unique_ID is merely timestamp and not necessarily unique in v3.0.5-3.0.7 #2752

datkps11 opened this issue Jun 1, 2022 · 4 comments · Fixed by #2758
Labels
3.x Related to ModSecurity version 3.x

Comments

@datkps11
Copy link

datkps11 commented Jun 1, 2022
edited
Loading

Hi, i used Modsec v3.0.7 + Nginx v1.21.6
In audit log, Unique_ID look like timestamp(ex : 1653971707) and its not be identified for 1 transaction. So, How can I fix it :

  • Can i configure Unique_ID is random string(ex: SorMz38AAAEAAFG2AOAAAAAA)? OR
  • I added Random_ID field in transaction.cc and it show in audit log. How to add RANDOM_ID variables ?
@datkps11
Copy link
Author

datkps11 commented Jun 3, 2022

Can you help me? @martinhsv

@martinhsv
Copy link
Contributor

In ModSecurity v3, it looks like unique_id had a proper implementation, until it changed ( via a609249 ) to be only a timestamp.

It appears that this change was unintended, as the commit in question was technical in nature rather than targetting a functionality change. This means that the functionality was as intended in v3.0.4, but that it is incomplete in v3.0.5 - v3.0.7.

@martinhsv martinhsv added the 3.x Related to ModSecurity version 3.x label Jun 3, 2022
@martinhsv martinhsv changed the title Unique_ID not be identified for transaction Unique_ID is merely timestamp not necessarily unique in v3.0.5-3.0.7 Jun 3, 2022
@martinhsv martinhsv changed the title Unique_ID is merely timestamp not necessarily unique in v3.0.5-3.0.7 Unique_ID is merely timestamp and not necessarily unique in v3.0.5-3.0.7 Jun 3, 2022
@martinhsv martinhsv mentioned this issue Jun 3, 2022
Merged
@martinhsv
Copy link
Contributor

Hello @datkps11 ,

Thanks for identifying this anomaly.

I have created a pull request ( #2758 ) that restores the functionality from v3.0.4 if you want to try it out.

@datkps11
Copy link
Author

datkps11 commented Jun 4, 2022

Thank for your support @martinhsv

@datkps11 datkps11 closed this as completed Jun 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.x Related to ModSecurity version 3.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Restore Unique_id to include random portion after timestamp
2 participants
@martinhsv @datkps11