<?php
$string = '[Wed Feb 06 08:57:54 2019] [error] [client 123.123.123.123] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "something.net"] [uri "/index.php/admin/"] [unique_id "XFsEAsDzZbMAAGY5i5oAAAAA"]';
preg_match_all('/\[([a-z_]+)\s*([^]]*)\]/', $string, $matches);
$output = array_combine($matches[1], $matches[2]);
$output = array_map(function ($v) { return trim($v, '"'); }, $output);
print_r($output);
- Output for 7.1.25 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.19, 8.3.0 - 8.3.4, 8.3.6 - 8.3.7
- Array
(
[error] =>
[client] => 123.123.123.123
[file] => /etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf
[line] => 47
[id] => 960015
[rev] => 1
[msg] => Request Missing an Accept Header
[severity] => NOTICE
[ver] => OWASP_CRS/2.2.6
[maturity] => 9
[accuracy] => 9
[tag] => PCI/6.5.10
[hostname] => something.net
[uri] => /index.php/admin/
[unique_id] => XFsEAsDzZbMAAGY5i5oAAAAA
)
- Output for 8.3.5
- Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
Array
(
[error] =>
[client] => 123.123.123.123
[file] => /etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf
[line] => 47
[id] => 960015
[rev] => 1
[msg] => Request Missing an Accept Header
[severity] => NOTICE
[ver] => OWASP_CRS/2.2.6
[maturity] => 9
[accuracy] => 9
[tag] => PCI/6.5.10
[hostname] => something.net
[uri] => /index.php/admin/
[unique_id] => XFsEAsDzZbMAAGY5i5oAAAAA
)
preferences:
106.56 ms | 403 KiB | 184 Q