Skip to content

Best solution/workaround sanitise modsecurity v3 #3163

New issue
New issue
Open
Open
Best solution/workaround sanitise modsecurity v3#3163
Assignees
airween
Labels
3.xRelated to ModSecurity version 3.xduplicateOps. Somebody else already hit that bumplibmodsec - missing features
@cello86

Description

@cello86
cello86
opened on May 31, 2024

** Description of the bug **
On modsecurity v3 and OWASP CRS 4.x there are a lot of password rule matching and we notice the password printed into the modsecurity audit logs. We also noticed that sanitiseArg is not supported on v3 branch.

Do you plan to support in the near future this important function?

Do you aware of a better method than removing the printed part of values ​​via SecAuditLogParts?

The found some issue related to the sanitise implementation on v3 branch like:

#1132
#1898

Metadata

Metadata

Assignees

Labels

3.xRelated to ModSecurity version 3.xduplicateOps. Somebody else already hit that bumplibmodsec - missing features

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions