Hey Brent, There is the sanitize group of actions that applies to the Audit log and will replace certain parameter values with asterisks.
However, the alert message written to the Apache Error-Log and the Debug-Log (Level 3) are unaffected by this. It's one of the major issues I have with ModSecurity. The following issue described this shortcoming: https://github.com/SpiderLabs/ModSecurity/issues/1132 Ahoj, Christian On Tue, Nov 07, 2017 at 05:30:43PM +0200, Brent Clark wrote: > Good day Guys > I'm in bit of a pickle, in that, I've received a request that no modsecurity > log > s may contains passwords or attempted passwords etc in the log. > This is for if we get audited. > > I can set: > SecDefaultAction "phase:1,deny,nolog,auditlog" > SecDefaultAction "phase:2,deny,nolog,auditlog" > > But then I would loose visibility of other issues. > > This is mostly for the SQLi rules that I am trying to tackle. > > Does anyone know of a way of disabling logging, without having to search and > rep > lace the rules provided by Owasp. > > If anyone can assist, it would be greatly appreciated. > > Regards > Brent Clark > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:christian.fol...@netnea.com twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
