Hey Jeff,

You can only sanitize headers and args. If you want to make this improvement for ModSecurity, that would be great! We can apply your patch! If you want to do that, please go to the modsecurity devel list and we can share information about the source code.



On Mon, Jul 11, 2011 at 4:10 PM, Jeff Sundquist <jeffsundquist@gmail.com> wrote:
Thanks for looking at this so fast.  Agree that RESPONSE_BODY isn't for everyone but in my case I do want to record and sanitize it.
From the doc I thought this would do the trick.  I'll look at changing the code (or my requirements!).
Also, I want to do the REQUEST_BODY and from my read of the code I will hit the same issue.  Do you believe that it should work?  I see code in msc_logging.c for it but I'm not sure the offsets will ever get recorded.

> Hey Jeff,
> Looking at the code, since we are using part of the same code as
> sanitizematched and it doesn't support the RESPONSE_BODY variable, you are seeing
> that msg. The reason for that is that it's not common for people to enable RESPONSE_BODY
> to be logged in a production env, because the log dir/file will increase a
> lot.
> I will discuss internally whether we will move in the direction of supporting
> RESPONSE_BODY in the sanitizematched action.
> Thanks
> Breno

mod-security-developers mailing list