Re: [mod-security-users] Rule breaks access to website
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Rule breaks access to website
|
From: Christian F. <chr...@ne...> - 2019-10-09 14:53:16
|
The order of the actions does not matter. For the book, I followed the order we also use in CRS: https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.3/dev/CONTRIBUTING.md the proposed order for actions is: id phase allow | block | deny | drop | pass | proxy | redirect status capture t:xxx log nolog auditlog noauditlog msg logdata tag sanitiseArg sanitiseRequestHeader sanitiseMatched sanitiseMatchedBytes ctl ver severity multiMatch initcol setenv setvar expirevar chain skip skipAfter Ahoj, Christian On Wed, Oct 09, 2019 at 02:28:41PM +0000, Madden, Joe via mod-security-users wrote: > Hi there, > > I was kinda following this example here: > > https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x) > > Where would the pass go just after nolog,? > > Thanks, > > Joe. > > > -----Original Message----- > From: Christian Folini <chr...@ne...> > Sent: 09 October 2019 14:59 > To: Madden, Joe via mod-security-users <mod...@li...> > Subject: Re: [mod-security-users] Rule breaks access to website > > Hey Joe, > > You do not state "pass" in your rule. So maybe your SecDefaultAction applies. > > Ahoj, > > Christian > > On Wed, Oct 09, 2019 at 01:53:56PM +0000, Madden, Joe via mod-security-users wrote: > > Hi there, > > > > I'm trying to hide passwords for being audited to the modsec_audit.log therefor I put this rule into modsecurity_crs_10_config.conf for apache: > > > > # Never log passwords > > #SecAction "nolog,phase:2,id:131,sanitiseArg:password,sanitiseArg:newPassword,sanitiseArg:oldPassword" > > > > The website returns constant 403 when this rule is enabled, I can't seem to figure out why. > > > > Is this the right way to achieve what I am trying to do? Am I putting it in the correct place? > > > > Thanks > > > > Joe. > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fmod-security-users&data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=lKjSvxmEijV9FRZKA%2FTjOb1fBdLtA1E%2FcBXim%2F7LbKY%3D&reserved=0 > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Frules%2F&data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=LQuLxppCuS%2B3IcfVNDXberT7M3KFZGHllTI5sIb5BFU%3D&reserved=0 > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Fsupport%2F&data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=p2ByPA4dpkrIIYWsjr5RrJ2xi4KcUuM9QLr3sazBTQs%3D&reserved=0 > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fmod-security-users&data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=lKjSvxmEijV9FRZKA%2FTjOb1fBdLtA1E%2FcBXim%2F7LbKY%3D&reserved=0 > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Frules%2F&data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=LQuLxppCuS%2B3IcfVNDXberT7M3KFZGHllTI5sIb5BFU%3D&reserved=0 > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.modsecurity.org%2Fprojects%2Fcommercial%2Fsupport%2F&data=01%7C01%7Cjoe.madden%40mottmac.com%7C4525123b50ff437f622508d74cc10895%7Ca2bed0c459574f73b0c2a811407590fb%7C0&sdata=p2ByPA4dpkrIIYWsjr5RrJ2xi4KcUuM9QLr3sazBTQs%3D&reserved=0 > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
