Re: [mod-security-users] Rule breaks access to website
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Rule breaks access to website
|
From: Christian F. <chr...@ne...> - 2019-10-09 13:59:31
|
Hey Joe, You do not state "pass" in your rule. So maybe your SecDefaultAction applies. Ahoj, Christian On Wed, Oct 09, 2019 at 01:53:56PM +0000, Madden, Joe via mod-security-users wrote: > Hi there, > > I'm trying to hide passwords for being audited to the modsec_audit.log therefor I put this rule into modsecurity_crs_10_config.conf for apache: > > # Never log passwords > #SecAction "nolog,phase:2,id:131,sanitiseArg:password,sanitiseArg:newPassword,sanitiseArg:oldPassword" > > The website returns constant 403 when this rule is enabled, I can't seem to figure out why. > > Is this the right way to achieve what I am trying to do? Am I putting it in the correct place? > > Thanks > > Joe. > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
