At this time it is only possible to have three collections in which
data is stored persistantly (i.e. data available to multiple requests).
Every collection contains several built-in variables that are available and are read-only unless otherwise specified:
CREATE_TIME - date/time of
the creation of the collection.
IS_NEW - set to 1 if the
collection is new (not yet persisted) otherwise set to 0.
KEY - the value of the
initcol variable (the client's IP address in the example).
LAST_UPDATE_TIME - date/time
of the last update to the collection.
TIMEOUT - date/time in
seconds when the collection will be updated on disk from memory (if no
other updates occur). This variable may be set if you wish to specifiy
an explicit expiration time (default is 3600 seconds).
UPDATE_COUNTER - how many
times the collection has been updated since creation.
UPDATE_RATE - is the average
rate updates per minute since creation.
To create a collection to hold session variables (
SESSION) use action
setsid. To create a collection to hold user
USER) use action
setuid. To create a collection to hold client
address variables (
IP) use action
ModSecurity implements atomic updates of persistent variables only
for integer variables (counters) at this time. Variables are read from
initcol is encountered in the rules
and persisted at the end of request processing. Counters are adjusted by
applying a delta generated by re-reading the persisted data just before
being persisted. This keeps counter data consistent even if the counter
was modified and persisted by another thread/process during the
ModSecurity uses a Berkley Database (SDBM) for persistant storage. This type of database is generally limited to storing a maximum of 1008 bytes per key. This may be a limitation if you are attempting to store a considerable amount of data in variables for a single key. Some of this limitation is planned to be reduced in a future version of ModSecurity.