Re: [mod-security-users] URGENT about audit log!!!!!![ScanMail Notification] <<Your mail is fully s
Brought to you by:
victorhora,
zimmerletw
From: <ja...@je...> - 2010-10-21 12:06:47
|
Hi Jamuse, Thanks for your suggestion!! It seems useful for me. That means if i want to mask the parameter "password", i can use the following rule? SecAction "nolog,phase:2,sanitiseArg:password Where should i place this rule? my custom config file (modsec_70_custom.conf)? Will it take effect globally (For all incoming request)? Thanks a lot Jay Jamuse <ja...@gm... > To ja...@je... 10/21/2010 06:13 cc PM mod...@li...urceforg e.net Subject Re: [mod-security-users] URGENT about audit log!!!!!![ScanMail Notification] <<Your mail is fully scanned.>> On Thu, Oct 21, 2010 at 10:10 AM, <ja...@je...> wrote: > > Hi all, > > Here is the config of my audit log: > > # Serial audit log > SecAuditEngine RelevantOnly > SecAuditLogRelevantStatus ^5 > SecAuditLogParts ABIFHKZ > SecAuditLogType Serial > SecAuditLog logs/modsec_audit_log_%Y%m%d" > > > I just found that the audit contain SecAuditLogParts "C" which is the > Request body. > And the request body contain some sensitive data that i am not allowed to > log!!!! > So how can i remove or disalbe the logging of Request body in audit log!!?? Hi Jaylam, In addition to what Chris mentioned, if there is only a couple of parameters that contain sensitive data, e.g. a password or credit card number, you can still log the request body but use the 'sanitiseArg' or 'sanitiseMatched' directives to ensure that the sensitive data is not logged. -- - Josh This e-mail is intended solely for the addressee. If you have received this e-mail in error, please notify the sender by reply e-mail and immediately delete it from your system. |