Audit log sanitization actions
ModSecurity includes actions to sanitize audit log data. Their purpose is to keep sensitive values such as user passwords from showing up in the audit logs.
These are the sanitization actions that ModSecurity supports:
| Action | Description |
|---|---|
| sanitiseArg | Sanitizes the named argument value of a |
| sanitiseMatched | Sanitize the variable that caused the rule to match. This can be either a request argument, request header or response header. |
| sanitiseRequestHeader | Sanitize named request header. |
| sanitiseResponseHeader | Sanitize named response header. |
As an example, if a web page accepted an argument named "password" and it also matched a ModSecurity rule then the following would make sure that the password is replaced by asterisks when data is written to the audit log:
```
# SecRule takes a variable, then an operator pattern, then the action list
SecRule REQUEST_URI login.php allow,auditlog,sanitiseArg:password
```
Accessing /login.php?password=123456 on the server would result in...
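One way to confirm that sanitiseArg is taking effect is to scan the audit log for the argument and flag any value that is not made up of asterisks. The following is an added example, not from the original page: the function name `unsanitized_args`, the sample log and its transaction ids are constructed, and the serial audit log layout with `--<id>-<section>--` boundary lines is assumed.

```python
import re

# Constructed sample: two transactions in ModSecurity's serial audit log layout
# (boundary lines such as --<id>-B-- open each section; B holds request headers).
SAMPLE_LOG = """\
--5a1c0d2e-A--
[constructed] 192.0.2.10 51000 192.0.2.20 80
--5a1c0d2e-B--
GET /login.php?password=****** HTTP/1.1
Host: www.example.com

--5a1c0d2e-Z--

--7b3e9f41-A--
[constructed] 192.0.2.11 51001 192.0.2.20 80
--7b3e9f41-B--
GET /login.php?user=bob&password=123456 HTTP/1.1
Host: www.example.com

--7b3e9f41-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")


def unsanitized_args(log_text, arg_name="password"):
    """Return (transaction_id, section) for each place arg_name is not masked."""
    # Match arg_name=value in a query string or URL-encoded body.
    pair = re.compile(r"(?:^|[?&\s])" + re.escape(arg_name) + r"=([^&\s]*)")
    findings = []
    tx_id = section = None
    for line in log_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            tx_id, section = m.group(1), m.group(2)
            continue
        for value in pair.findall(line):
            # A sanitized value consists only of asterisks; empty leaks nothing.
            if value.strip("*"):
                findings.append((tx_id, section))
    return findings


if __name__ == "__main__":
    for tx, sec in unsanitized_args(SAMPLE_LOG):
        print(f"transaction {tx}: unmasked password in section {sec}")
```

A password that itself consists only of asterisks would be reported as masked, so treat a clean result as evidence the rule is working rather than proof.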