7 May 17:05
Re: Header sanitization
From: Nick Gearls <nickgearls <at> gmail.com>
Subject: Re: Header sanitization
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-07 15:05:50 GMT
I found a possible solution.
If we write a filter to strip the password, then we could
1. map the "base64(user:pwd)"
2. decode64 it, strip pwd, and map it again
3. print TX.1 in log

Questions:
1. Any generic function to strip things after the colon?
   If not, we could write a generic sub plug-in.
2. This works on rules checking the Authorization header.
   Any way to add this for all log entries?

Thanks,

Nick

Nick Gearls wrote:
> Hello,
>
> For obvious privacy reasons, it is advisable to sanitize the header
> "Authorization" in the log.
> However, it may be handy to have the userid part of it in case of an
> error trap.
> Any possibility?
>
> Thanks,
>
> Nick
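
The decode, strip and re-log steps from the message above, as an added Python example that is not part of the original post and is not ModSecurity code. `sanitize_authorization` and the `****` placeholder are hypothetical names and the sample header is constructed; the example goes beyond the Basic case by fully masking other schemes and malformed values.

```python
import base64
import binascii

REDACTED = "****"  # hypothetical placeholder written to the log instead of the secret


def _printable(text: str) -> str:
    """Replace control characters (CR, LF, ...) so a value cannot forge log lines."""
    return "".join(c if c.isprintable() else "?" for c in text)


def sanitize_authorization(value: str) -> str:
    """Return a log-safe form of an Authorization header value.

    Basic credentials keep the user id and lose the password. Any other
    scheme (Bearer, Digest, ...) or malformed value is masked completely.
    """
    scheme, _, credentials = value.strip().partition(" ")
    credentials = credentials.strip()
    if not credentials:
        # No scheme/credentials split: the whole value may be a secret.
        return REDACTED
    if scheme.lower() != "basic":
        # The token itself is the secret; keep only the scheme name.
        return f"{_printable(scheme)} {REDACTED}"
    try:
        decoded = base64.b64decode(credentials, validate=True)
    except (binascii.Error, ValueError):
        return f"Basic {REDACTED}"
    # Split on the FIRST colon only: the password may itself contain colons.
    user_bytes, sep, _password = decoded.partition(b":")
    if not sep:
        return f"Basic {REDACTED}"
    user = _printable(user_bytes.decode("utf-8", errors="replace"))
    return f"Basic {user}:{REDACTED}"


if __name__ == "__main__":
    # Constructed sample header, not taken from a real log.
    sample = "Basic " + base64.b64encode(b"nick:s3cret:with:colons").decode("ascii")
    print("Authorization:", sanitize_authorization(sample))
```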