欢迎来到starnight_cyber的博客

【译】ModSecurity事务生命周期

  本篇简要介绍ModSecurity Transaction Lifecycle,也即ModSecurity的事务生命周期。

Transaction Lifecycle

In ModSecurity, every transaction goes through five steps, or phases. In each of the phases, ModSecurity will perform some work at the beginning (e.g., parse data that has become avail- able), invoke the rules specified to work in that phase, and perhaps perform a task or two after the phase rules have finished. At first glance, it may seem that five phases are too many, but there’s a reason that each phase exists. There is always one task, sometimes several, that can only be performed at a particular moment in the transaction lifecycle.

   在ModSecurity中,每个事务都经过五个步骤或阶段。在每个阶段中,ModSecurity都将在开始时执行一些工作(例如,解析可用的数据),调用指定在该阶段中工作的规则,并可能在阶段规则完成后执行一两个任务。乍一看,似乎阶段太多了,但是每个阶段都存在一个原因。总是有一个任务,有时是几个,只能在事务生命周期的特定时刻执行。

Request headers (1)

The request headers phase is the first entry point for ModSecurity. The principal pur- pose of this phase is to allow rule writers to assess a request before the costly request body processing is undertaken. Similarly, there is often a need to influence how Mod- Security will process a request body, and in this phase is the time to do it. For example, ModSecurity will not parse an XML or JSON request body by default, but you can in- struct it do so by placing the appropriate rules into phase 1.

  请求头阶段是ModSecurity的第一个入口点。此阶段的主要目的是允许规则编写器在执行代价高昂的请求正文处理之前评估请求。类似地,经常需要影响Mod-Security如何处理请求主体,在这个阶段是时候这样做了。例如,默认情况下,ModSecurity不会解析XML或JSON请求体,但您可以通过在阶段1中放置适当的规则来指示其进行相应的操作。

Request body (2) 

The request body phase is the main request analysis phase and takes place immediately after a complete request body has been received and processed. The rules in this phase have all the available request data at their disposal. Afterward, the web server will either generate the response itself (in embedded mode) or forward the transaction to a back- end web server (in reverse proxy mode).

  请求正文阶段是主要的请求分析阶段,在接收和处理完完整的请求正文之后立即进行。这个阶段的规则拥有所有可用的请求数据。之后,web服务器将生成响应本身(在嵌入式模式下)或将事务转发到后端web服务器(在反向代理模式下)。

Response headers (3)

The response headers phase takes place after response headers become available but before a response body is read. The rules that need to decide whether to inspect a re- sponse body should run in this phase.

  响应头阶段发生在响应头可用之后,但在读取响应体之前。需要决定是否检查响应主体的规则应该在这个阶段运行。

Response body (4)

The response body phase is the main response analysis phase. By the time this phase begins, the response body will have been read and all its data made available for the rules to make their decisions.

  响应体阶段是主要的响应分析阶段。到这个阶段开始时,响应体已经被读取,并且所有的数据都可以供规则做出决定。

Logging (5)

The logging phase is special. It’s the only phase from which you cannot block. By the time this phase runs, the transaction will have finished, so there’s little you can do but record the fact that it happened. Rules in this phase are run to control how logging is performed or to save information in persistent storage.

  日志记录阶段是特殊的。这是你唯一无法阻止的阶段。到这个阶段运行时,事务将完成,所以除了记录它发生的事实之外,您几乎无能为力。此阶段中的规则用于控制如何执行日志记录或将信息保存在持久性存储中。

图示

  ModSecurity 事务生命周期的5个阶段图示如下。

 

The End.

posted @ 2019-11-18 20:31  starnight_cyber  阅读(...)  评论(...编辑  收藏