Re: [mod-security-users] Rule breaks access to website

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi there,

I was kinda following this example here:

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x) 

Where would the pass go just after nolog,?

Thanks,

Joe.

-----Original Message-----
From: Christian Folini <chr...@ne...> 
Sent: 09 October 2019 14:59
To: Madden, Joe via mod-security-users <mod...@li...>
Subject: Re: [mod-security-users] Rule breaks access to website

Hey Joe,

You do not state "pass" in your rule. So maybe your SecDefaultAction applies.

Ahoj,

Christian

On Wed, Oct 09, 2019 at 01:53:56PM +0000, Madden, Joe via mod-security-users wrote:
> Hi there,
> 
> I'm trying to hide passwords for being audited to the modsec_audit.log therefor I put this rule into modsecurity_crs_10_config.conf for apache:
> 
> # Never log passwords
> #SecAction "nolog,phase:2,id:131,sanitiseArg:password,sanitiseArg:newPassword,sanitiseArg:oldPassword"
> 
> The website returns constant 403 when this rule is enabled, I can't seem to figure out why.
> 
> Is this the right way to achieve what I am trying to do? Am I putting it in the correct place?
> 
> Thanks
> 
> Joe.
> 
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fmod-security-users&amp;data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&amp;sdata=lKjSvxmEijV9FRZKA%2FTjOb1fBdLtA1E%2FcBXim%2F7LbKY%3D&amp;reserved=0
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Frules%2F&amp;data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&amp;sdata=LQuLxppCuS%2B3IcfVNDXberT7M3KFZGHllTI5sIb5BFU%3D&amp;reserved=0
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Fsupport%2F&amp;data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&amp;sdata=p2ByPA4dpkrIIYWsjr5RrJ2xi4KcUuM9QLr3sazBTQs%3D&amp;reserved=0

_______________________________________________
mod-security-users mailing list
mod...@li...
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fmod-security-users&amp;data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&amp;sdata=lKjSvxmEijV9FRZKA%2FTjOb1fBdLtA1E%2FcBXim%2F7LbKY%3D&amp;reserved=0
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Frules%2F&amp;data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&amp;sdata=LQuLxppCuS%2B3IcfVNDXberT7M3KFZGHllTI5sIb5BFU%3D&amp;reserved=0
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Fsupport%2F&amp;data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&amp;sdata=p2ByPA4dpkrIIYWsjr5RrJ2xi4KcUuM9QLr3sazBTQs%3D&amp;reserved=0