[mod-security-users] Rule breaks access to website

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi there,

I'm trying to hide passwords for being audited to the modsec_audit.log therefor I put this rule into modsecurity_crs_10_config.conf for apache:

# Never log passwords
#SecAction "nolog,phase:2,id:131,sanitiseArg:password,sanitiseArg:newPassword,sanitiseArg:oldPassword"

The website returns constant 403 when this rule is enabled, I can't seem to figure out why.

Is this the right way to achieve what I am trying to do? Am I putting it in the correct place?

Thanks

Joe.