
sanitiseMatchedBytes range does not work on POST arguments #841

Open
@tunetheweb


If you have the following rule:

SecRule ARGS "@verifyCC \d{13,16}" "id:1,phase:5,pass,sanitiseMatchedBytes:4/4,capture"

Sending a GET request (www.example.com/test?a=1001200230034004) produces the following in the log as expected:

GET /test?a=1001********4004 HTTP/1.1

Sending a POST request however produces the following in the log:

a=****************

So it's not showing the first and last 4 characters as expected, but is instead doing a full sanitisation.
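A small check for the behaviour reported above, added here as an illustration and not part of the issue or of ModSecurity's code: it models what `sanitiseMatchedBytes:4/4` is expected to leave in the log and classifies the two logged lines from the report. The function names and the handling of a match shorter than head+tail bytes are assumptions.

```python
MASK = "*"

def expected_mask(match, head, tail):
    """Keep `head` leading and `tail` trailing bytes of the match, mask the rest."""
    # Assumption (not from the issue): a match too short to keep head+tail
    # bytes is masked in full rather than left readable.
    if head + tail >= len(match):
        return MASK * len(match)
    middle = MASK * (len(match) - head - tail)
    return match[:head] + middle + match[len(match) - tail:]

def classify(logged, secret, head, tail):
    """Say how `secret` appears in one logged line."""
    if secret in logged:
        return "unsanitised"   # value reached the log as sent
    if expected_mask(secret, head, tail) in logged:
        return "partial"       # what sanitiseMatchedBytes:head/tail should give
    if MASK * len(secret) in logged:
        return "full"          # every matched byte masked (the reported POST case)
    return "absent"

def audit(entries, secret, head=4, tail=4):
    """Return the labels of entries whose masking differs from the expected form."""
    return [label for label, line in entries
            if classify(line, secret, head, tail) != "partial"]

# Value and log lines as given in the report above.
SECRET = "1001200230034004"
ENTRIES = [
    ("GET request line", "GET /test?a=1001********4004 HTTP/1.1"),
    ("POST request body", "a=" + MASK * 16),
]

if __name__ == "__main__":
    for label, line in ENTRIES:
        print(f"{label}: {classify(line, SECRET, 4, 4)}")
    print("deviating entries:", audit(ENTRIES, SECRET))
```

Run against lines copied from an audit log, `audit` flags any entry where the value is either unmasked or masked without the first and last four bytes kept.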

Labels: 2.x (Related to ModSecurity version 2.x), 3.x (Related to ModSecurity version 3.x), enhancement
