Re: [mod-security-users] URGENT about audit log!!!!!![ScanMail Notification] <<Your mail is fully s
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] URGENT about audit log!!!!!![ScanMail Notification] <<Your mail is fully scanned.>>
|
From: <ja...@je...> - 2010-10-21 12:06:47
|
Hi Jamuse,
Thanks for your suggestion!!
It seems useful for me.
That means if i want to mask the parameter "password", i can use the
following rule?
SecAction "nolog,phase:2,sanitiseArg:password
Where should i place this rule? my custom config file
(modsec_70_custom.conf)?
Will it take effect globally (For all incoming request)?
Thanks a lot
Jay
Jamuse
<ja...@gm...
> To
ja...@je...
10/21/2010 06:13 cc
PM mod...@li...urceforg
e.net
Subject
Re: [mod-security-users] URGENT
about audit log!!!!!![ScanMail
Notification] <<Your mail is fully
scanned.>>
On Thu, Oct 21, 2010 at 10:10 AM, <ja...@je...> wrote:
>
> Hi all,
>
> Here is the config of my audit log:
>
> # Serial audit log
> SecAuditEngine RelevantOnly
> SecAuditLogRelevantStatus ^5
> SecAuditLogParts ABIFHKZ
> SecAuditLogType Serial
> SecAuditLog logs/modsec_audit_log_%Y%m%d"
>
>
> I just found that the audit contain SecAuditLogParts "C" which is the
> Request body.
> And the request body contain some sensitive data that i am not allowed to
> log!!!!
> So how can i remove or disalbe the logging of Request body in audit
log!!??
Hi Jaylam,
In addition to what Chris mentioned, if there is only a couple of
parameters that contain sensitive data, e.g. a password or credit card
number, you can still log the request body but use the 'sanitiseArg'
or 'sanitiseMatched' directives to ensure that the sensitive data is
not logged.
--
- Josh
This e-mail is intended solely for the addressee. If you have received
this e-mail in error, please notify the sender by reply e-mail and
immediately delete it from your system.
|