Inside your base modsecurity.conf file, I believe the following directive will allow you to choose which parts are logged based on the assigned letter values. The example below will remove the REQUEST and RESPONSE body:

    SecAuditLogParts ABIFEHZ

On Tue, Jun 2, 2015 at 11:39 AM Chaim Sanders <csand...@trustwave.com> wrote:

> Hey Charles,
>
> You can use the nolog action to prevent ModSecurity from adding entries.
> For instance:
>
> SecRule ARGS:test "Test" "block,status:403,nolog,id:1"
>
> Chaim Sanders
> Security Researcher, SpiderLabs
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org
> [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org]
> On Behalf Of Charles Farinella
> Sent: Tuesday, June 2, 2015 10:38 AM
> To: owasp-modsecurity-core-rule-set@lists.owasp.org
> Subject: [Owasp-modsecurity-core-rule-set] How to prevent request body
> logging?
>
> We are seeing request bodies logged to our nginx logs. mod_security
> documentation says that "Messages at levels 1-3 are always copied to the
> Apache error log." Does anyone know how we can prevent this behavior?
>
> --
> Charles Farinella
> Systems Administrator
> Appropriate Solutions, Inc.
> 603-924-6079

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
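
A check for which body-carrying audit log parts a SecAuditLogParts value enables, as an added example (not code from this thread or from the ModSecurity project). It covers only the audit log, not error-log messages. The part meanings and the default value follow the ModSecurity v2 reference manual; the function names and the sample configuration are constructed here.

```python
import re

# Audit log parts that carry body data (ModSecurity v2 reference manual).
BODY_PARTS = {
    "C": "request body",
    "E": "intermediary response body",
    "I": "request body, compact form (multipart file contents omitted)",
}
# Value ModSecurity v2 uses when no SecAuditLogParts directive is present.
DEFAULT_PARTS = "ABCFHZ"

# Commented-out directives start with '#', so they never match this pattern.
DIRECTIVE = re.compile(r'^\s*SecAuditLogParts\s+"?([A-Za-z]+)"?\s*$', re.IGNORECASE)

# Constructed sample configuration, using the value quoted in the thread.
SAMPLE_CONF = """\
SecAuditEngine RelevantOnly
#SecAuditLogParts ABCDEFHZ
SecAuditLogParts ABIFEHZ
"""


def effective_parts(conf_text):
    """Return the letters of the last SecAuditLogParts directive, or None."""
    parts = None
    for line in conf_text.splitlines():
        match = DIRECTIVE.match(line)
        if match:
            parts = match.group(1).upper()  # later directives override earlier ones
    return parts


def body_parts_logged(conf_text):
    """Map each enabled body-carrying part letter to its meaning."""
    parts = effective_parts(conf_text) or DEFAULT_PARTS
    return {p: BODY_PARTS[p] for p in parts if p in BODY_PARTS}


def without_bodies(parts):
    """Drop body-carrying letters; keep the mandatory A header and Z boundary."""
    kept = [p for p in parts.upper() if p not in BODY_PARTS and p not in "AZ"]
    return "A" + "".join(dict.fromkeys(kept)) + "Z"


if __name__ == "__main__":
    for letter, meaning in body_parts_logged(SAMPLE_CONF).items():
        print(f"part {letter} is enabled: {meaning}")
    print("body-free value:", without_bodies(effective_parts(SAMPLE_CONF)))
```
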