diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c
index add28b38..437d108d 100644
--- a/apache2/modsecurity.c
+++ b/apache2/modsecurity.c
@@ -297,12 +297,12 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
}
}
- msr->arguments_to_sanitise = apr_table_make(msr->mp, 16);
- if (msr->arguments_to_sanitise == NULL) return -1;
- msr->request_headers_to_sanitise = apr_table_make(msr->mp, 16);
- if (msr->request_headers_to_sanitise == NULL) return -1;
- msr->response_headers_to_sanitise = apr_table_make(msr->mp, 16);
- if (msr->response_headers_to_sanitise == NULL) return -1;
+ msr->arguments_to_sanitize = apr_table_make(msr->mp, 16);
+ if (msr->arguments_to_sanitize == NULL) return -1;
+ msr->request_headers_to_sanitize = apr_table_make(msr->mp, 16);
+ if (msr->request_headers_to_sanitize == NULL) return -1;
+ msr->response_headers_to_sanitize = apr_table_make(msr->mp, 16);
+ if (msr->response_headers_to_sanitize == NULL) return -1;
/* Initialise cookies */
msr->request_cookies = apr_table_make(msr->mp, 16);
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 489d50ad..7f80dfd1 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -250,9 +250,9 @@ struct modsec_rec {
const char *request_content_type;
apr_table_t *arguments;
- apr_table_t *arguments_to_sanitise;
- apr_table_t *request_headers_to_sanitise;
- apr_table_t *response_headers_to_sanitise;
+ apr_table_t *arguments_to_sanitize;
+ apr_table_t *request_headers_to_sanitize;
+ apr_table_t *response_headers_to_sanitize;
apr_table_t *request_cookies;
unsigned int is_relevant;
diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
index 956f31b5..85e94bbf 100644
--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@@ -287,7 +287,7 @@ static char *create_auditlog_boundary(request_rec *r) {
* Sanitises the request line by removing the parameters
* that have been marked as sensitive.
*/
-static void sanitise_request_line(modsec_rec *msr) {
+static void sanitize_request_line(modsec_rec *msr) {
const apr_array_header_t *tarr;
const apr_table_entry_t *telts;
int i;
@@ -299,7 +299,7 @@ static void sanitise_request_line(modsec_rec *msr) {
qspos++;
/* Loop through the list of sensitive parameters. */
- tarr = apr_table_elts(msr->arguments_to_sanitise);
+ tarr = apr_table_elts(msr->arguments_to_sanitize);
telts = (const apr_table_entry_t*)tarr->elts;
for (i = 0; i < tarr->nelts; i++) {
msc_arg *arg = (msc_arg *)telts[i].val;
@@ -313,7 +313,7 @@ static void sanitise_request_line(modsec_rec *msr) {
j = arg->value_origin_offset;
while((*p != '\0')&&(j--)) p++;
if (*p == '\0') {
- msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %u of QUERY_STRING"
+ msr_log(msr, 1, "Unable to sanitize variable \"%s\" at offset %u of QUERY_STRING"
"because the request line is too short.",
log_escape_ex(msr->mp, arg->name, arg->name_len),
arg->value_origin_offset);
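Review bot: The two adjacent string literals in the changed `msr_log` call are concatenated without a separator, so the message comes out as `...of QUERY_STRINGbecause the request line is too short.`. Add a trailing space to the first literal: `"Unable to sanitize variable \"%s\" at offset %u of QUERY_STRING "`. The second message in this function already has that space. The spelling change also alters the text of both "Unable to sanitize" log lines, so any log-monitoring pattern keyed on the old wording would need updating. The function body continues outside the hunk.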
@@ -326,7 +326,7 @@ static void sanitise_request_line(modsec_rec *msr) {
*p++ = '*';
}
if (*p == '\0') {
- msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %u (size %d) "
+ msr_log(msr, 1, "Unable to sanitize variable \"%s\" at offset %u (size %d) "
"of QUERY_STRING because the request line is too short.",
log_escape_ex(msr->mp, arg->name, arg->name_len),
arg->value_origin_offset, arg->value_origin_len);
@@ -491,7 +491,7 @@ void sec_audit_logger(modsec_rec *msr) {
text = apr_psprintf(msr->mp, "\n--%s-%c--\n", msr->new_auditlog_boundary, AUDITLOG_PART_REQUEST_HEADERS);
sec_auditlog_write(msr, text, strlen(text));
- sanitise_request_line(msr);
+ sanitize_request_line(msr);
sec_auditlog_write(msr, msr->request_line, strlen(msr->request_line));
sec_auditlog_write(msr, "\n", 1);
@@ -500,9 +500,9 @@ void sec_audit_logger(modsec_rec *msr) {
te = (apr_table_entry_t *)arr->elts;
for (i = 0; i < arr->nelts; i++) {
text = apr_psprintf(msr->mp, "%s: %s\n", te[i].key, te[i].val);
- /* Do we need to sanitise this request header? */
- if (apr_table_get(msr->request_headers_to_sanitise, te[i].key) != NULL) {
- /* Yes, sanitise it. */
+ /* Do we need to sanitize this request header? */
+ if (apr_table_get(msr->request_headers_to_sanitize, te[i].key) != NULL) {
+ /* Yes, sanitize it. */
memset(text + strlen(te[i].key) + 2, '*', strlen(te[i].val));
}
sec_auditlog_write(msr, text, strlen(text));
@@ -525,17 +525,17 @@ void sec_audit_logger(modsec_rec *msr) {
apr_array_header_t *sorted_args;
unsigned int offset = 0, last_offset = 0;
msc_arg *nextarg = NULL;
- int sanitise = 0; /* IMP1 Use constants for "sanitise" values. */
+ int sanitize = 0; /* IMP1 Use constants for "sanitize" values. */
char *my_error_msg = NULL;
sorted_args = apr_array_make(msr->mp, 25, sizeof(const msc_arg *));
/* First we need to sort the arguments that need to be
- * sanitised in descending order (we are using a stack structure
+ * sanitized in descending order (we are using a stack structure
* to store then so the order will be ascending when we start
* popping them out). This is because we will
* be reading the request body sequentially and must
- * sanitise it as we go.
+ * sanitize it as we go.
*/
for(;;) {
@@ -544,7 +544,7 @@ void sec_audit_logger(modsec_rec *msr) {
/* Find the next largest offset (excluding
* the ones we've used up already).
*/
- tarr = apr_table_elts(msr->arguments_to_sanitise);
+ tarr = apr_table_elts(msr->arguments_to_sanitize);
telts = (const apr_table_entry_t*)tarr->elts;
for(i = 0; i < tarr->nelts; i++) {
msc_arg *arg = (msc_arg *)telts[i].val;
@@ -570,7 +570,7 @@ void sec_audit_logger(modsec_rec *msr) {
*/
if (nextarg == NULL) break;
- sanitise = 2; /* Means time to pop the next argument out. */
+ sanitize = 2; /* Means time to pop the next argument out. */
last_offset = offset;
offset = 0;
{ /* IMP1 Fix this ugly bit here. */
@@ -580,7 +580,7 @@ void sec_audit_logger(modsec_rec *msr) {
}
/* Now start retrieving the body chunk by chunk and
- * sanitise data in pieces.
+ * sanitize data in pieces.
*/
rc = modsecurity_request_body_retrieve_start(msr, &my_error_msg);
@@ -589,8 +589,8 @@ void sec_audit_logger(modsec_rec *msr) {
} else {
msc_data_chunk *chunk = NULL;
unsigned int chunk_offset = 0;
- unsigned int sanitise_offset = 0;
- unsigned int sanitise_length = 0;
+ unsigned int sanitize_offset = 0;
+ unsigned int sanitize_length = 0;
text = apr_psprintf(msr->mp, "\n--%s-%c--\n", msr->new_auditlog_boundary, AUDITLOG_PART_REQUEST_BODY);
sec_auditlog_write(msr, text, strlen(text));
@@ -598,46 +598,46 @@ void sec_audit_logger(modsec_rec *msr) {
for(;;) {
rc = modsecurity_request_body_retrieve(msr, &chunk, -1, &my_error_msg);
if (chunk != NULL) {
- /* Anything greater than 1 means we have more data to sanitise. */
- while (sanitise > 1) {
+ /* Anything greater than 1 means we have more data to sanitize. */
+ while (sanitize > 1) {
msc_arg **arg = NULL;
- if (sanitise == 2) {
+ if (sanitize == 2) {
/* Get the next argument from the stack. */
arg = (msc_arg **)apr_array_pop(sorted_args);
- if (arg == NULL) sanitise = 0; /* We're done sanitising. */
+ if (arg == NULL) sanitize = 0; /* We're done sanitising. */
else {
/* Continue with sanitation to process the
* retrieved argument.
*/
- sanitise = 1;
- sanitise_offset = (*arg)->value_origin_offset;
- sanitise_length = (*arg)->value_origin_len;
+ sanitize = 1;
+ sanitize_offset = (*arg)->value_origin_offset;
+ sanitize_length = (*arg)->value_origin_len;
}
}
- if (sanitise) {
- /* Check if the data we want to sanitise is
+ if (sanitize) {
+ /* Check if the data we want to sanitize is
* stored in the current chunk.
*/
- if (chunk_offset + chunk->length > sanitise_offset) {
+ if (chunk_offset + chunk->length > sanitize_offset) {
unsigned int soff; /* data offset within chunk */
- unsigned int len; /* amount in this chunk to sanitise */
+ unsigned int len; /* amount in this chunk to sanitize */
- soff = sanitise_offset - chunk_offset;
+ soff = sanitize_offset - chunk_offset;
- if (soff + sanitise_length <= chunk->length) {
+ if (soff + sanitize_length <= chunk->length) {
/* The entire argument resides in the current chunk. */
- len = sanitise_length;
- sanitise = 2; /* Get another parameter to sanitise. */
+ len = sanitize_length;
+ sanitize = 2; /* Get another parameter to sanitize. */
} else {
/* Some work to do here but we'll need to seek
* another chunk.
*/
len = chunk->length - soff;
- sanitise_offset += len;
- sanitise_length -= len;
- sanitise = 1; /* It's OK to go to the next chunk. */
+ sanitize_offset += len;
+ sanitize_length -= len;
+ sanitize = 1; /* It's OK to go to the next chunk. */
}
/* Yes, we actually write over the original data.
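Review bot: As far as this hunk shows, once `sanitize` is set to 1 the `while (sanitize > 1)` loop is not re-entered on later chunks, so an argument that starts in or spans into a later chunk would reach the audit log unmasked. The value becomes 1 after a pop and again in the branch commented "It's OK to go to the next chunk", and nothing visible raises it back to 2. The lines between this hunk and the next are not shown, so this needs confirming against the full function. If it holds, loop on `while (sanitize != 0)` and `break` when the current chunk holds no more of the argument, and replace the 0/1/2 literals with named constants as the existing IMP1 comment asks. The comment `/* We're done sanitising. */` on the changed line also keeps the old spelling.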
@@ -650,7 +650,7 @@ void sec_audit_logger(modsec_rec *msr) {
}
}
- /* Write the sanitised chunk to the log
+ /* Write the sanitized chunk to the log
* and advance to the next chunk. */
sec_auditlog_write(msr, chunk->data, chunk->length);
chunk_offset += chunk->length;
@@ -676,7 +676,7 @@ void sec_audit_logger(modsec_rec *msr) {
if ((msr->msc_reqbody_read)&&(msr->mpd != NULL)) {
char *buffer = NULL;
- buffer = multipart_reconstruct_urlencoded_body_sanitise(msr);
+ buffer = multipart_reconstruct_urlencoded_body_sanitize(msr);
if (buffer == NULL) {
msr_log(msr, 1, "Audit log: Failed to reconstruct request body.");
} else {
@@ -710,9 +710,9 @@ void sec_audit_logger(modsec_rec *msr) {
te = (apr_table_entry_t *)arr->elts;
for (i = 0; i < arr->nelts; i++) {
text = apr_psprintf(msr->mp, "%s: %s\n", te[i].key, te[i].val);
- /* Do we need to sanitise this response header? */
- if (apr_table_get(msr->response_headers_to_sanitise, te[i].key) != NULL) {
- /* Yes, sanitise it. */
+ /* Do we need to sanitize this response header? */
+ if (apr_table_get(msr->response_headers_to_sanitize, te[i].key) != NULL) {
+ /* Yes, sanitize it. */
memset(text + strlen(te[i].key) + 2, '*', strlen(te[i].val));
}
sec_auditlog_write(msr, text, strlen(text));
@@ -816,7 +816,7 @@ void sec_audit_logger(modsec_rec *msr) {
const apr_array_header_t *tarr;
const apr_table_entry_t *telts;
- tarr = apr_table_elts(msr->arguments_to_sanitise);
+ tarr = apr_table_elts(msr->arguments_to_sanitize);
telts = (const apr_table_entry_t*)tarr->elts;
if (tarr->nelts > 0) {
@@ -837,7 +837,7 @@ void sec_audit_logger(modsec_rec *msr) {
const apr_array_header_t *tarr;
const apr_table_entry_t *telts;
- tarr = apr_table_elts(msr->request_headers_to_sanitise);
+ tarr = apr_table_elts(msr->request_headers_to_sanitize);
telts = (const apr_table_entry_t*)tarr->elts;
if (tarr->nelts > 0) {
@@ -857,7 +857,7 @@ void sec_audit_logger(modsec_rec *msr) {
const apr_array_header_t *tarr;
const apr_table_entry_t *telts;
- tarr = apr_table_elts(msr->response_headers_to_sanitise);
+ tarr = apr_table_elts(msr->response_headers_to_sanitize);
telts = (const apr_table_entry_t*)tarr->elts;
if (tarr->nelts > 0) {
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index c87f7d1b..38ba40ea 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -1279,7 +1279,7 @@ int multipart_get_arguments(modsec_rec *msr, char *origin, apr_table_t *argument
/**
*
*/
-char *multipart_reconstruct_urlencoded_body_sanitise(modsec_rec *msr) {
+char *multipart_reconstruct_urlencoded_body_sanitize(modsec_rec *msr) {
multipart_part **parts;
char *body;
unsigned int body_len;
@@ -1317,7 +1317,7 @@ char *multipart_reconstruct_urlencoded_body_sanitise(modsec_rec *msr) {
* in the memory.
*/
if (msr->phase >= PHASE_LOGGING) {
- if (apr_table_get(msr->arguments_to_sanitise, parts[i]->name) != NULL) {
+ if (apr_table_get(msr->arguments_to_sanitize, parts[i]->name) != NULL) {
memset(parts[i]->value, '*', strlen(parts[i]->value));
}
}
diff --git a/apache2/msc_multipart.h b/apache2/msc_multipart.h
index 9cda6145..08cd7f65 100644
--- a/apache2/msc_multipart.h
+++ b/apache2/msc_multipart.h
@@ -133,6 +133,6 @@ apr_status_t DSOLOCAL multipart_cleanup(modsec_rec *msr);
int DSOLOCAL multipart_get_arguments(modsec_rec *msr, char *origin, apr_table_t *arguments);
-char DSOLOCAL *multipart_reconstruct_urlencoded_body_sanitise(modsec_rec *msr);
+char DSOLOCAL *multipart_reconstruct_urlencoded_body_sanitize(modsec_rec *msr);
#endif
diff --git a/apache2/re_actions.c b/apache2/re_actions.c
index e1909953..6e7cac89 100644
--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -973,8 +973,8 @@ static char *msre_action_xmlns_validate(msre_engine *engine, msre_action *action
return NULL;
}
-/* sanitiseArg */
-static apr_status_t msre_action_sanitiseArg_execute(modsec_rec *msr, apr_pool_t *mptmp,
+/* sanitizeArg */
+static apr_status_t msre_action_sanitizeArg_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
{
const char *sargname = NULL;
@@ -990,7 +990,7 @@ static apr_status_t msre_action_sanitiseArg_execute(modsec_rec *msr, apr_pool_t
msc_arg *arg = (msc_arg *)telts[i].val;
if (strcasecmp(sargname, arg->name) == 0) {
- apr_table_addn(msr->arguments_to_sanitise, arg->name, (void *)arg);
+ apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
}
}
@@ -1001,8 +1001,8 @@ static apr_status_t msre_action_sanitiseArg_execute(modsec_rec *msr, apr_pool_t
#define SANITISE_REQUEST_HEADER 2
#define SANITISE_RESPONSE_HEADER 3
-/* sanitiseMatched */
-static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_pool_t *mptmp,
+/* sanitizeMatched */
+static apr_status_t msre_action_sanitizeMatched_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
{
const char *sargname = NULL;
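Review bot: `SANITISE_REQUEST_HEADER` and `SANITISE_RESPONSE_HEADER` keep the old spelling while the function that uses them becomes `msre_action_sanitizeMatched_execute`, so this file now has both spellings in its identifiers. They are `#define`s in this .c file, and the only uses visible in the diff are the `case` labels of the same function. Renaming them to `SANITIZE_REQUEST_HEADER` and `SANITIZE_RESPONSE_HEADER` looks safe, provided nothing else in the file refers to them. The function body continues outside the hunk.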
@@ -1041,7 +1041,7 @@ static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_poo
type = SANITISE_RESPONSE_HEADER;
}
else {
- msr_log(msr, 3, "sanitiseMatched: Don't know how to handle variable: %s",
+ msr_log(msr, 3, "sanitizeMatched: Don't know how to handle variable: %s",
mvar->name);
return 0;
}
@@ -1053,17 +1053,17 @@ static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_poo
for (i = 0; i < tarr->nelts; i++) {
msc_arg *arg = (msc_arg *)telts[i].val;
if (strcasecmp(sargname, arg->name) == 0) {
- apr_table_addn(msr->arguments_to_sanitise, arg->name, (void *)arg);
+ apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
}
}
break;
case SANITISE_REQUEST_HEADER :
- apr_table_set(msr->request_headers_to_sanitise, sargname, "1");
+ apr_table_set(msr->request_headers_to_sanitize, sargname, "1");
break;
case SANITISE_RESPONSE_HEADER :
- apr_table_set(msr->response_headers_to_sanitise, sargname, "1");
+ apr_table_set(msr->response_headers_to_sanitize, sargname, "1");
break;
default :
@@ -1074,19 +1074,19 @@ static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_poo
return 1;
}
-/* sanitiseRequestHeader */
-static apr_status_t msre_action_sanitiseRequestHeader_execute(modsec_rec *msr, apr_pool_t *mptmp,
+/* sanitizeRequestHeader */
+static apr_status_t msre_action_sanitizeRequestHeader_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
{
- apr_table_set(msr->request_headers_to_sanitise, action->param, "1");
+ apr_table_set(msr->request_headers_to_sanitize, action->param, "1");
return 1;
}
-/* sanitiseResponseHeader */
-static apr_status_t msre_action_sanitiseResponseHeader_execute(modsec_rec *msr, apr_pool_t *mptmp,
+/* sanitizeResponseHeader */
+static apr_status_t msre_action_sanitizeResponseHeader_execute(modsec_rec *msr, apr_pool_t *mptmp,
msre_rule *rule, msre_action *action)
{
- apr_table_set(msr->response_headers_to_sanitise, action->param, "1");
+ apr_table_set(msr->response_headers_to_sanitize, action->param, "1");
return 1;
}
@@ -2195,7 +2195,20 @@ void msre_engine_register_default_actions(msre_engine *engine) {
ACTION_CGROUP_NONE,
NULL,
NULL,
- msre_action_sanitiseArg_execute
+ msre_action_sanitizeArg_execute
+ );
+
+ /* sanitizeArg */
+ msre_engine_action_register(engine,
+ "sanitizeArg",
+ ACTION_NON_DISRUPTIVE,
+ 1, 1,
+ NO_PLUS_MINUS,
+ ACTION_CARDINALITY_MANY,
+ ACTION_CGROUP_NONE,
+ NULL,
+ NULL,
+ msre_action_sanitizeArg_execute
);
/* sanitiseMatched */
@@ -2208,7 +2221,20 @@ void msre_engine_register_default_actions(msre_engine *engine) {
ACTION_CGROUP_NONE,
NULL,
NULL,
- msre_action_sanitiseMatched_execute
+ msre_action_sanitizeMatched_execute
+ );
+
+ /* sanitizeMatched */
+ msre_engine_action_register(engine,
+ "sanitizeMatched",
+ ACTION_NON_DISRUPTIVE,
+ 0, 0,
+ NO_PLUS_MINUS,
+ ACTION_CARDINALITY_MANY,
+ ACTION_CGROUP_NONE,
+ NULL,
+ NULL,
+ msre_action_sanitizeMatched_execute
);
/* sanitiseRequestHeader */
@@ -2221,7 +2247,20 @@ void msre_engine_register_default_actions(msre_engine *engine) {
ACTION_CGROUP_NONE,
NULL,
NULL,
- msre_action_sanitiseRequestHeader_execute
+ msre_action_sanitizeRequestHeader_execute
+ );
+
+ /* sanitizeRequestHeader */
+ msre_engine_action_register(engine,
+ "sanitizeRequestHeader",
+ ACTION_NON_DISRUPTIVE,
+ 1, 1,
+ NO_PLUS_MINUS,
+ ACTION_CARDINALITY_MANY,
+ ACTION_CGROUP_NONE,
+ NULL,
+ NULL,
+ msre_action_sanitizeRequestHeader_execute
);
/* sanitiseResponseHeader */
@@ -2234,7 +2273,20 @@ void msre_engine_register_default_actions(msre_engine *engine) {
ACTION_CGROUP_NONE,
NULL,
NULL,
- msre_action_sanitiseResponseHeader_execute
+ msre_action_sanitizeResponseHeader_execute
+ );
+
+ /* sanitizeResponseHeader */
+ msre_engine_action_register(engine,
+ "sanitizeResponseHeader",
+ ACTION_NON_DISRUPTIVE,
+ 1, 1,
+ NO_PLUS_MINUS,
+ ACTION_CARDINALITY_MANY,
+ ACTION_CGROUP_NONE,
+ NULL,
+ NULL,
+ msre_action_sanitizeResponseHeader_execute
);
/* setenv */
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index 6d2d9293..11fe29d8 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -5126,7 +5126,7 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403
- sanitiseArg
+ sanitizeArg
Description: Sanitises (replaces each byte
with an asterisk) a named request argument prior to audit
@@ -5136,7 +5136,7 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403
Example:
- SecAction nolog,phase:2,sanitiseArg:password
+ SecAction nolog,phase:2,sanitizeArg:password
Note
@@ -5148,7 +5148,7 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403
- sanitiseMatched
+ sanitizeMatched
Description: Sanitises the variable (request
argument, request header, or response header) that caused a rule
@@ -5156,52 +5156,52 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403
Action Group: Non-disruptive
- Example: This action can be used to sanitise arbitrary transaction
+ Example: This action can be used to sanitize arbitrary transaction
elements when they match a condition. For example, the example below
- will sanitise any argument that contains the word
+ will sanitize any argument that contains the word
password in the name.
- SecRule ARGS_NAMES password nolog,pass,sanitiseMatched
+ SecRule ARGS_NAMES password nolog,pass,sanitizeMatched
Note
- Same note as sanitiseArg.
+ Same note as sanitizeArg.
- sanitiseRequestHeader
+ sanitizeRequestHeader
Description: Sanitises a named request
header.
Action Group: Non-disruptive
- Example: This will sanitise the data in the Authorization
+ Example: This will sanitize the data in the Authorization
header.
- SecAction log,phase:1,sanitiseRequestHeader:Authorization
+ SecAction log,phase:1,sanitizeRequestHeader:Authorization
Note
- Same note as sanitiseArg.
+ Same note as sanitizeArg.
- sanitiseResponseHeader
+ sanitizeResponseHeader
Description: Sanitises a named response
header.
Action Group: Non-disruptive
- Example: This will sanitise the Set-Cookie data sent to the
+ Example: This will sanitize the Set-Cookie data sent to the
client.
- SecAction log,phase:3,sanitiseResponseHeader:Set-Cookie
+ SecAction log,phase:3,sanitizeResponseHeader:Set-Cookie
Note
- Same note as sanitiseArg.
+ Same note as sanitizeArg.
@@ -5958,7 +5958,7 @@ SecRule XML "@validateSchema /path/to/apache2/conf/xml.xsd"
Example:
SecRule ARGS "@verifyCC \d{13,16}" \
- "phase:2,sanitiseMatched,log,auditlog,pass,msg:'Potential credit card number'"
+ "phase:2,sanitizeMatched,log,auditlog,pass,msg:'Potential credit card number'"
diff --git a/doc/modsecurity2-data-formats.xml b/doc/modsecurity2-data-formats.xml
index de20c630..464caced 100644
--- a/doc/modsecurity2-data-formats.xml
+++ b/doc/modsecurity2-data-formats.xml
@@ -347,7 +347,7 @@
ModSecurity alerts will always contain text fragments that were
taken from configuration or the transaction. Such text fragments escaped
- before they are user in messages, in order to sanitise the potentially
+ before they are user in messages, in order to sanitize the potentially
dangerous characters. They are also sometimes surrounded using double
quotes. The escaping algorithm is as follows:
@@ -856,7 +856,7 @@ Server: Apache/2.x.x
Sanitised-Args
The Sanitised-Args header contains a list
- of arguments that were sanitised (each byte of their content
+ of arguments that were sanitized (each byte of their content
replaced with an asterisk) before logging. For example:
Sanitised-Args: "old_password", "new_password", "new_password_repeat".
@@ -866,7 +866,7 @@ Server: Apache/2.x.x
Sanitised-Request-Headers
The Sanitised-Request-Headers header
- contains a list of request headers that were sanitised before
+ contains a list of request headers that were sanitized before
logging. For example:
Sanitised-Request-Headers: "Authentication".
@@ -876,7 +876,7 @@ Server: Apache/2.x.x
Sanitised-Response-Headers
The Sanitised-Response-Headers header
- contains a list of response headers that were sanitised before
+ contains a list of response headers that were sanitized before
logging. For example:
Sanitised-Response-Headers: "My-Custom-Header".