Hello again :)
So I went to the modsec lists, figured out how to get the environment variable set with the rule message by default for all rules, then push the 'msg' to a custom X header from there. For example:
SecDefaultAction "phase:2,deny,log,setenv:'env_msecblk=%{rule.msg}'"
Header always set X-ModSec-Block %{env_msecblk}e env=env_msecblk
However, I soon found that empty X-ModSec-Block headers were being set, due to the empty "env_msecblk" environment variable being set by ModSecurity in cases where disruptive rules weren't triggered. Reading over the header directive docs [1], I noticed that the header will be set only if the environment variable exists, but doesn't check if it's empty. So I then tried:
Header always set X-ModSec-Block %{env_modsecblk}e "expr=%{env_modsecblk}e =~ m#[a-zA-Z]#"
The above unfortunately failed with: Can't parse envclause/_expression_: syntax error, unexpected T_ID: Variable 'env_modsecblk' does not exist
To get around that, I took a "dirty" clean-up approach:
Header always set X-ModSec-Block %{env_modsecblk}e env=env_modsecblk
<If "! %{HTTP:X-ModSec-Block} =~ /[a-zA-Z]/">
Header always unset X-ModSec-Block
</If>
So I my question at this point is; how do I conditionally set the custom "X-ModSec-Block" header to the value of the "env_modsecblk" environment variable, if that variable exists, and isn't blank. Thanks again everyone :)
