Re: [Mod-security-developers] sanitizeMatchedBytes question
From: Breno S. <bre...@gm...> - 2011-07-11 20:44:41
Hi Jeff,

This seems to be a bug. I will take a look

thanks

Breno

On Mon, Jul 11, 2011 at 3:34 PM, Jeff Sundquist <jef...@gm...> wrote:
> I'm not able to get sanitizeMatchedBytes to work for RESPONSE_BODY and want
> to confirm that this should actually work.
>
> I'm using the rule from the documentation:
>
> SecRule RESPONSE_BODY "@verifyCC \d{13,16}"
> "phase:4,t:none,log,capture,block,msg:'Potential credit card number is
> response body',sanitiseMatchedBytes:0/4"
>
> and I see the rule "fire" but it has all the credit card info intact.
>
> When I turn on debug I see this:
>
> sanitizeMatched: Don't know how to handle variable: RESPONSE_BODY
>
> and when I look at the code it doesn't look like there is any logic to
> sanitize the response body in msc_logging.c.
>
> Before I go forward with trying to add this functionality I wanted to make
> sure that I wasn't missing something obvious....
>
> Thanks,
> Jeff
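
The masking the quoted rule is meant to produce on a response body, as an added sketch in C; it is not ModSecurity code and not part of the original thread. It assumes `0/4` means "leave the first 0 and last 4 bytes of each match readable", and `luhn_ok` and `mask_card_numbers` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Luhn checksum over n ASCII digits; returns 1 when the number is valid. */
static int luhn_ok(const char *d, size_t n) {
    int sum = 0, dbl = 0;
    for (size_t i = n; i-- > 0; ) {
        int v = d[i] - '0';
        if (dbl) { v *= 2; if (v > 9) v -= 9; }
        sum += v;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

/* Mask, in place, every run of 13-16 digits in buf that passes Luhn,
 * keeping the first keep_head and last keep_tail bytes of the match
 * (assumed meaning of sanitiseMatchedBytes:X/Y). Simplification: whole
 * digit runs are tested, not every \d{13,16} substring of a longer run.
 * Returns the number of matches masked. */
int mask_card_numbers(char *buf, size_t keep_head, size_t keep_tail) {
    int masked = 0;
    size_t len = strlen(buf), i = 0;
    while (i < len) {
        if (!isdigit((unsigned char)buf[i])) { i++; continue; }
        size_t start = i;
        while (i < len && isdigit((unsigned char)buf[i])) i++;
        size_t n = i - start;
        if (n < 13 || n > 16 || !luhn_ok(buf + start, n)) continue;
        if (keep_head + keep_tail < n)
            for (size_t k = keep_head; k < n - keep_tail; k++)
                buf[start + k] = '*';
        masked++;
    }
    return masked;
}

int main(void) {
    /* Constructed response body; 4111111111111111 is a well-known test number. */
    char body[] = "<p>Card: 4111111111111111, order 4111111111111112</p>";
    int n = mask_card_numbers(body, 0, 4);
    printf("%d masked: %s\n", n, body);
    return 0;
}
```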