[Owasp-modsecurity-core-rule-set] How to replace response key words
RBarnett at trustwave.com
Wed Nov 30 22:00:20 EST 2011
Try enabling SecContentInjection On.
On Nov 30, 2011, at 8:16 PM, "dreamice" <dreamice.jiang at gmail.com<mailto:dreamice.jiang at gmail.com>> wrote:
Thanks for your reply!
I use the latest version(httpd-2.2.21 and mod-2.6.2),and I write the rule as follow:
SecRule STREAM_OUTPUT_BODY "@rsub s/1111/xxxx/" "phase:4,t:none,log,auditlog,pass"
my default page is:
After I restart the httpd, I request the index.html page, the "1111" has not been replaced.
I global set SecRuleEngine On, what is the problem with my operation?
Thanks in advance!
2011/11/24 Josh Amishav-Zlatin <jamuse at gmail.com<mailto:jamuse at gmail.com>>
On Thu, Nov 24, 2011 at 1:51 PM, dreamice <dreamice.jiang at gmail.com<mailto:dreamice.jiang at gmail.com>> wrote:
> I want to replace the response key words. Such as if the response data
> include "Fuck", I want to write a rule to replace it with "****", how can I
> do it?
If your using 2.6.0 or later then use the @rsub operator.
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set at lists.owasp.org<mailto:Owasp-modsecurity-core-rule-set at lists.owasp.org>
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
More information about the Owasp-modsecurity-core-rule-set