[Mod-security-developers] sanitizeMatchedBytes question
From: Jeff S. <jef...@gm...> - 2011-07-11 20:34:57
I'm not able to get sanitizeMatchedBytes to work for RESPONSE_BODY and want
to confirm that this should actually work.
I'm using the rule from the documentation:
    SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
        "phase:4,t:none,log,capture,block,msg:'Potential credit card number is response body',sanitiseMatchedBytes:0/4"
and I see the rule "fire" but it has all the credit card info intact.
When I turn on debug I see this:
sanitizeMatched: Don't know how to handle variable: RESPONSE_BODY
and when I look at the code it doesn't look like there is any logic to
sanitize the response body in msc_logging.c.
Before I go forward with trying to add this functionality I wanted to make
sure that I wasn't missing something obvious....
Thanks,
Jeff