Re: [mod-security-users] Replace or filter data just in a special url
From: Ryan B. <RBa...@tr...> - 2012-02-14 22:08:33
Since you have response body access off globally, you need to conditionally turn it on *before* phase 4, otherwise it is too late. Try this, which separates it out into 2 rules -

SecRule REQUEST_URI "index" "phase:3,nolog,pass,ctl:ResponseBodyAccess=on"
SecRule STREAM_OUTPUT_BODY "@rsub s/<!--.*?-->/ /" "phase:4,t:none,log,pass,msg:'TEST'"

On Feb 14, 2012, at 4:44 PM, Otto Schlagmichtot <hx...@ya...> wrote:

Hi,

Do you have any idea how to replace or filter the content in the response body just for a special URL?

I tried the following and this works globally!!!

SecContentInjection On
SecResponseBodyAccess on
SecStreamOutBodyInspection On
SecRule REQUEST_URI "index" "phase:4,chain,log,allow, msg:'TEST'"
SecRule STREAM_OUTPUT_BODY "@rsub s/<!--.*?-->/ /"

____________________

But not if I set responseBodyAccess=on for this special URL. See below.

SecContentInjection On
SecResponseBodyAccess off
SecStreamOutBodyInspection On
SecRule REQUEST_URI "index" "phase:4,chain,log,allow, msg:'TEST', ctl:ResponseBodyAccess=on"
SecRule STREAM_OUTPUT_BODY "@rsub s/<!--.*?-->/ /"

Does anyone have an idea?

Best regards,
Otto
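The reply's two-rule approach assembled into one configuration, as an added example that is not part of the original thread. The rule ids and the /index.html path are assumptions, and REQUEST_FILENAME with @streq stands in for the substring match on REQUEST_URI so that buffering is not switched on for other URLs or query strings that merely contain "index".

```apache
# Added example, not from the thread. The ids 900100/900101 and the
# /index.html path are constructed placeholders.

SecRuleEngine On
SecContentInjection On
SecStreamOutBodyInspection On

# Global default stays off, so response bodies for all other URLs are
# passed through without being buffered or rewritten.
SecResponseBodyAccess Off

# Buffering only applies to the MIME types listed here. This is the
# documented default list, written out so the dependency is visible.
SecResponseBodyMimeType text/plain text/html

# Phase 3 (response headers): as the reply says, the switch has to
# happen before phase 4. REQUEST_FILENAME excludes the query string,
# and @streq matches one exact path instead of any URI containing "index".
# ModSecurity 2.7 and later require a unique id on every rule.
SecRule REQUEST_FILENAME "@streq /index.html" \
    "id:900100,phase:3,t:none,nolog,pass,ctl:ResponseBodyAccess=on"

# Phase 4 (response body): STREAM_OUTPUT_BODY is only populated for
# transactions where the rule above turned buffering on, so the
# substitution from the thread has no effect on other URLs.
SecRule STREAM_OUTPUT_BODY "@rsub s/<!--.*?-->/ /" \
    "id:900101,phase:4,t:none,log,pass,msg:'TEST'"
```

To check the scoping, request /index.html and one other HTML page and confirm that only the first triggers the 'TEST' message in the audit or error log.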