[mod-security-users] Stripping characters from an argument
Brought to you by:
victorhora,
zimmerletw
From: Scott G. <sgi...@su...> - 2012-02-07 03:46:23
|
I have some arguments where users may harmlessly enter SQL metacharacters (single-quote, etc.), which I'd like to just remove before passing them through to the Web application. For example, a user may enter an apostrophe in their name, or put single-quotes around a search term. Rather than giving the user an error page, I'd like to just remove the dangerous characters, then pass the modified variables through to the Web application. I see how to do this with the request body using SecStreamInBodyInspection, but I don't see how to apply the rule to specific arguments. Is this possible? Or is there something else I can do that will give similar results? Thanks for any tips! ----Scott. |