Re: [Mod-security-developers] sanitizeMatchedBytes question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Breno,

Thanks for looking at this so fast.  Agree that RESPONSE_BODY isn't
for everyone but in my case I do want to record and sanitize it.

>From the doc I thought this would do the trick.  I'll look at changing
the code ( or my requirements! ).

Also, I want to do the REQUEST_BODY and from my read of the code I
will hit the same issue.  Do you believe that it should work?  I see
code in msc_logging.c for it but I'm not the offsets will ever get
recorded.

Thanks,

Jeff

> Hey Jeff,
>
> Looking at the code, since we are using part of the same code of
> sanitzematched and it doesn't support RESPONSE_BODY variable you are seeing
> that msg. The reason for that is it's not common people enable RESPONSE_BODY
> to be logged in production env, because the log dir/file will increase a
> lot.
>
> I will discuss internally if we will move to the direction to support
> RESPONSE_BODY in sanitizematched action.
>
> Thanks
>
> Breno