Testing WAF Redirect

[srpurdy]

No worries, glad I could help.

The idea behind the port 30000 and https was to redirect to a port/listener that maybe was always open, so even if you shunned the badguy they would still get the page explaining why.

Ah yeah. Wondered about that. It seems like though the shun is usually behind the apache request right now? I guess in a heavy load situation maybe that wouldn't be the case though?

Actually now that I look. the address im going through is actually on cloudflare so access is still allowed even if they get blocked. They just won't be able to do any requests that require my server to kick in. I guess that works.

[craigedmonds]

I am trying to set a remote domain for my block page so that if users are blocked for something they get redirected to another domain name on a server outside my hosting network and I grab all the variables over there.

However, in ASL 4.0, if I try and put the following format into the field for WAF_REDIRECT_URL:

http://www.remote_domain.com/blocked/?eventid=%{eventid}&ruleid=%{ruleid}&remote_addr=%{remote_addr}&server_name=%{server_name}&server_port=%{server_port}

......its only saving the first part of the url like this: http://www.remote_domain.com/blocked/?eventid=%{eventid}

IF I check my logs the redirect is actually working, but I am only being sent the eventid and nothing else.

Any ideas?