Consider the following SecRule, which takes a feed from a lua script that is executed:
SecRule &TX:SQLI "@eq 1" "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found'"
If SQLi
is found in a request parameter, the tx.sqli
variable is populated and the user is redirected to a specific webpage : http://www.example.com/failed.html
.
This process works well. However, I would like to redirect the user back to the referrer
address or simply refresh their page or send them back to the previous page they were on.
This may involve, for example, populating the redirect address with the referrer value. Is it possible for ModSecurity
to execute this?