From 8fe278e845b413fadf0f9a7ff8bebf0b9a253e51 Mon Sep 17 00:00:00 2001 From: ivanr Date: Thu, 29 Oct 2009 17:57:18 +0000 Subject: [PATCH] Change 'sanitise' to 'sanitize' everywhere, preserving the 'sanitise' action variants for backward compatibility. --- apache2/modsecurity.c | 12 ++-- apache2/modsecurity.h | 6 +- apache2/msc_logging.c | 84 ++++++++++++------------- apache2/msc_multipart.c | 4 +- apache2/msc_multipart.h | 2 +- apache2/re_actions.c | 90 +++++++++++++++++++++------ doc/modsecurity2-apache-reference.xml | 32 +++++----- doc/modsecurity2-data-formats.xml | 8 +-- 8 files changed, 145 insertions(+), 93 deletions(-) diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index add28b38..437d108d 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -297,12 +297,12 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) { } } - msr->arguments_to_sanitise = apr_table_make(msr->mp, 16); - if (msr->arguments_to_sanitise == NULL) return -1; - msr->request_headers_to_sanitise = apr_table_make(msr->mp, 16); - if (msr->request_headers_to_sanitise == NULL) return -1; - msr->response_headers_to_sanitise = apr_table_make(msr->mp, 16); - if (msr->response_headers_to_sanitise == NULL) return -1; + msr->arguments_to_sanitize = apr_table_make(msr->mp, 16); + if (msr->arguments_to_sanitize == NULL) return -1; + msr->request_headers_to_sanitize = apr_table_make(msr->mp, 16); + if (msr->request_headers_to_sanitize == NULL) return -1; + msr->response_headers_to_sanitize = apr_table_make(msr->mp, 16); + if (msr->response_headers_to_sanitize == NULL) return -1; /* Initialise cookies */ msr->request_cookies = apr_table_make(msr->mp, 16); diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 489d50ad..7f80dfd1 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h 
@@ -250,9 +250,9 @@ struct modsec_rec { const char *request_content_type; apr_table_t *arguments; - apr_table_t *arguments_to_sanitise; - apr_table_t *request_headers_to_sanitise; - apr_table_t *response_headers_to_sanitise; + apr_table_t *arguments_to_sanitize; + apr_table_t *request_headers_to_sanitize; + apr_table_t *response_headers_to_sanitize; apr_table_t *request_cookies; unsigned int is_relevant; diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c index 956f31b5..85e94bbf 100644 --- a/apache2/msc_logging.c +++ b/apache2/msc_logging.c @@ -287,7 +287,7 @@ static char *create_auditlog_boundary(request_rec *r) { * Sanitises the request line by removing the parameters * that have been marked as sensitive. */ -static void sanitise_request_line(modsec_rec *msr) { +static void sanitize_request_line(modsec_rec *msr) { const apr_array_header_t *tarr; const apr_table_entry_t *telts; int i; @@ -299,7 +299,7 @@ static void sanitise_request_line(modsec_rec *msr) { qspos++; /* Loop through the list of sensitive parameters. */ - tarr = apr_table_elts(msr->arguments_to_sanitise); + tarr = apr_table_elts(msr->arguments_to_sanitize); telts = (const apr_table_entry_t*)tarr->elts; for (i = 0; i < tarr->nelts; i++) { msc_arg *arg = (msc_arg *)telts[i].val; @@ -313,7 +313,7 @@ static void sanitise_request_line(modsec_rec *msr) { j = arg->value_origin_offset; while((*p != '\0')&&(j--)) p++; if (*p == '\0') { - msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %u of QUERY_STRING" + msr_log(msr, 1, "Unable to sanitize variable \"%s\" at offset %u of QUERY_STRING" "because the request line is too short.", log_escape_ex(msr->mp, arg->name, arg->name_len), arg->value_origin_offset); 
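Review bot: The first "Unable to sanitize variable" message in sanitize_request_line (msc_logging.c, hunk at -313) is built from two adjacent string literals with no space between them, so it is logged as `...of QUERY_STRINGbecause the request line is too short.`. Add the trailing space, `"... at offset %u of QUERY_STRING "`, as the second message in the hunk at -326 already does. This message is the only visible trace that a parameter marked as sensitive may have been left unmasked in the request line, so it should be easy to search for. The function body starts and ends outside these hunks.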
@@ -326,7 +326,7 @@ static void sanitise_request_line(modsec_rec *msr) { *p++ = '*'; } if (*p == '\0') { - msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %u (size %d) " + msr_log(msr, 1, "Unable to sanitize variable \"%s\" at offset %u (size %d) " "of QUERY_STRING because the request line is too short.", log_escape_ex(msr->mp, arg->name, arg->name_len), arg->value_origin_offset, arg->value_origin_len); @@ -491,7 +491,7 @@ void sec_audit_logger(modsec_rec *msr) { text = apr_psprintf(msr->mp, "\n--%s-%c--\n", msr->new_auditlog_boundary, AUDITLOG_PART_REQUEST_HEADERS); sec_auditlog_write(msr, text, strlen(text)); - sanitise_request_line(msr); + sanitize_request_line(msr); sec_auditlog_write(msr, msr->request_line, strlen(msr->request_line)); sec_auditlog_write(msr, "\n", 1); @@ -500,9 +500,9 @@ void sec_audit_logger(modsec_rec *msr) { te = (apr_table_entry_t *)arr->elts; for (i = 0; i < arr->nelts; i++) { text = apr_psprintf(msr->mp, "%s: %s\n", te[i].key, te[i].val); - /* Do we need to sanitise this request header? */ - if (apr_table_get(msr->request_headers_to_sanitise, te[i].key) != NULL) { - /* Yes, sanitise it. */ + /* Do we need to sanitize this request header? */ + if (apr_table_get(msr->request_headers_to_sanitize, te[i].key) != NULL) { + /* Yes, sanitize it. */ memset(text + strlen(te[i].key) + 2, '*', strlen(te[i].val)); } sec_auditlog_write(msr, text, strlen(text)); 
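Review bot: The masking in the request-header loop (hunk at -500) only works while `strlen(te[i].key) + 2` matches the `"%s: %s\n"` format built one line earlier, and nothing in the code states that link. The response-header loop in the hunk at -710 repeats the same pair. If a format string is ever changed without its offset, the memset would either leave part of the header value readable in the audit log or overwrite bytes outside the value. I'd add a comment at both sites such as `/* skip "key: "; offset must match the format string above */`, or move the two lines into one small static helper so format and offset live together.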
@@ -525,17 +525,17 @@ void sec_audit_logger(modsec_rec *msr) { apr_array_header_t *sorted_args; unsigned int offset = 0, last_offset = 0; msc_arg *nextarg = NULL; - int sanitise = 0; /* IMP1 Use constants for "sanitise" values. */ + int sanitize = 0; /* IMP1 Use constants for "sanitize" values. */ char *my_error_msg = NULL; sorted_args = apr_array_make(msr->mp, 25, sizeof(const msc_arg *)); /* First we need to sort the arguments that need to be - * sanitised in descending order (we are using a stack structure + * sanitized in descending order (we are using a stack structure * to store then so the order will be ascending when we start * popping them out). This is because we will * be reading the request body sequentially and must - * sanitise it as we go. + * sanitize it as we go. */ for(;;) { @@ -544,7 +544,7 @@ void sec_audit_logger(modsec_rec *msr) { /* Find the next largest offset (excluding * the ones we've used up already). */ - tarr = apr_table_elts(msr->arguments_to_sanitise); + tarr = apr_table_elts(msr->arguments_to_sanitize); telts = (const apr_table_entry_t*)tarr->elts; for(i = 0; i < tarr->nelts; i++) { msc_arg *arg = (msc_arg *)telts[i].val; @@ -570,7 +570,7 @@ void sec_audit_logger(modsec_rec *msr) { */ if (nextarg == NULL) break; - sanitise = 2; /* Means time to pop the next argument out. */ + sanitize = 2; /* Means time to pop the next argument out. */ last_offset = offset; offset = 0; { /* IMP1 Fix this ugly bit here. */ @@ -580,7 +580,7 @@ void sec_audit_logger(modsec_rec *msr) { } /* Now start retrieving the body chunk by chunk and - * sanitise data in pieces. + * sanitize data in pieces. */ rc = modsecurity_request_body_retrieve_start(msr, &my_error_msg); 
@@ -589,8 +589,8 @@ void sec_audit_logger(modsec_rec *msr) { } else { msc_data_chunk *chunk = NULL; unsigned int chunk_offset = 0; - unsigned int sanitise_offset = 0; - unsigned int sanitise_length = 0; + unsigned int sanitize_offset = 0; + unsigned int sanitize_length = 0; text = apr_psprintf(msr->mp, "\n--%s-%c--\n", msr->new_auditlog_boundary, AUDITLOG_PART_REQUEST_BODY); sec_auditlog_write(msr, text, strlen(text)); 
@@ -598,46 +598,46 @@ void sec_audit_logger(modsec_rec *msr) { for(;;) { rc = modsecurity_request_body_retrieve(msr, &chunk, -1, &my_error_msg); if (chunk != NULL) { - /* Anything greater than 1 means we have more data to sanitise. */ - while (sanitise > 1) { + /* Anything greater than 1 means we have more data to sanitize. */ + while (sanitize > 1) { msc_arg **arg = NULL; - if (sanitise == 2) { + if (sanitize == 2) { /* Get the next argument from the stack. */ arg = (msc_arg **)apr_array_pop(sorted_args); - if (arg == NULL) sanitise = 0; /* We're done sanitising. */ + if (arg == NULL) sanitize = 0; /* We're done sanitising. */ else { /* Continue with sanitation to process the * retrieved argument. */ - sanitise = 1; - sanitise_offset = (*arg)->value_origin_offset; - sanitise_length = (*arg)->value_origin_len; + sanitize = 1; + sanitize_offset = (*arg)->value_origin_offset; + sanitize_length = (*arg)->value_origin_len; } } - if (sanitise) { - /* Check if the data we want to sanitise is + if (sanitize) { + /* Check if the data we want to sanitize is * stored in the current chunk. */ - if (chunk_offset + chunk->length > sanitise_offset) { + if (chunk_offset + chunk->length > sanitize_offset) { unsigned int soff; /* data offset within chunk */ - unsigned int len; /* amount in this chunk to sanitise */ + unsigned int len; /* amount in this chunk to sanitize */ - soff = sanitise_offset - chunk_offset; + soff = sanitize_offset - chunk_offset; - if (soff + sanitise_length <= chunk->length) { + if (soff + sanitize_length <= chunk->length) { /* The entire argument resides in the current chunk. */ - len = sanitise_length; - sanitise = 2; /* Get another parameter to sanitise. */ + len = sanitize_length; + sanitize = 2; /* Get another parameter to sanitize. */ } else { /* Some work to do here but we'll need to seek * another chunk. */ len = chunk->length - soff; - sanitise_offset += len; - sanitise_length -= len; - sanitise = 1; /* It's OK to go to the next chunk. 
*/ + sanitize_offset += len; + sanitize_length -= len; + sanitize = 1; /* It's OK to go to the next chunk. */ } /* Yes, we actually write over the original data. @@ -650,7 +650,7 @@ void sec_audit_logger(modsec_rec *msr) { } } - /* Write the sanitised chunk to the log + /* Write the sanitized chunk to the log * and advance to the next chunk. */ sec_auditlog_write(msr, chunk->data, chunk->length); chunk_offset += chunk->length; @@ -676,7 +676,7 @@ void sec_audit_logger(modsec_rec *msr) { if ((msr->msc_reqbody_read)&&(msr->mpd != NULL)) { char *buffer = NULL; - buffer = multipart_reconstruct_urlencoded_body_sanitise(msr); + buffer = multipart_reconstruct_urlencoded_body_sanitize(msr); if (buffer == NULL) { msr_log(msr, 1, "Audit log: Failed to reconstruct request body."); } else { @@ -710,9 +710,9 @@ void sec_audit_logger(modsec_rec *msr) { te = (apr_table_entry_t *)arr->elts; for (i = 0; i < arr->nelts; i++) { text = apr_psprintf(msr->mp, "%s: %s\n", te[i].key, te[i].val); - /* Do we need to sanitise this response header? */ - if (apr_table_get(msr->response_headers_to_sanitise, te[i].key) != NULL) { - /* Yes, sanitise it. */ + /* Do we need to sanitize this response header? */ + if (apr_table_get(msr->response_headers_to_sanitize, te[i].key) != NULL) { + /* Yes, sanitize it. */ memset(text + strlen(te[i].key) + 2, '*', strlen(te[i].val)); } sec_auditlog_write(msr, text, strlen(text)); @@ -816,7 +816,7 @@ void sec_audit_logger(modsec_rec *msr) { const apr_array_header_t *tarr; const apr_table_entry_t *telts; - tarr = apr_table_elts(msr->arguments_to_sanitise); + tarr = apr_table_elts(msr->arguments_to_sanitize); telts = (const apr_table_entry_t*)tarr->elts; if (tarr->nelts > 0) { 
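Review bot: `soff = sanitize_offset - chunk_offset;` in the hunk at -598 is unsigned arithmetic guarded only by `chunk_offset + chunk->length > sanitize_offset`, which is also true when the popped argument starts before the current chunk, and in that case `soff` wraps to a very large value. That cannot happen while the stack yields strictly ascending, non-overlapping ranges. However, the producers in re_actions.c use `apr_table_addn`, which does not reject a second entry for the same argument, and the sort that would have to filter such entries is outside the hunk, so this is worth confirming. Since the in-place overwrite that uses `soff` and `len` follows just below, a defensive `if (sanitize_offset < chunk_offset)` branch that logs the stale entry and moves on to the next argument (`sanitize = 2`) would keep the subtraction from wrapping. The same hunk also still carries the old spelling in `/* We're done sanitising. */`.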
@@ -837,7 +837,7 @@ void sec_audit_logger(modsec_rec *msr) { const apr_array_header_t *tarr; const apr_table_entry_t *telts; - tarr = apr_table_elts(msr->request_headers_to_sanitise); + tarr = apr_table_elts(msr->request_headers_to_sanitize); telts = (const apr_table_entry_t*)tarr->elts; if (tarr->nelts > 0) { @@ -857,7 +857,7 @@ void sec_audit_logger(modsec_rec *msr) { const apr_array_header_t *tarr; const apr_table_entry_t *telts; - tarr = apr_table_elts(msr->response_headers_to_sanitise); + tarr = apr_table_elts(msr->response_headers_to_sanitize); telts = (const apr_table_entry_t*)tarr->elts; if (tarr->nelts > 0) { diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c index c87f7d1b..38ba40ea 100644 --- a/apache2/msc_multipart.c +++ b/apache2/msc_multipart.c @@ -1279,7 +1279,7 @@ int multipart_get_arguments(modsec_rec *msr, char *origin, apr_table_t *argument /** * */ -char *multipart_reconstruct_urlencoded_body_sanitise(modsec_rec *msr) { +char *multipart_reconstruct_urlencoded_body_sanitize(modsec_rec *msr) { multipart_part **parts; char *body; unsigned int body_len; @@ -1317,7 +1317,7 @@ char *multipart_reconstruct_urlencoded_body_sanitise(modsec_rec *msr) { * in the memory. */ if (msr->phase >= PHASE_LOGGING) { - if (apr_table_get(msr->arguments_to_sanitise, parts[i]->name) != NULL) { + if (apr_table_get(msr->arguments_to_sanitize, parts[i]->name) != NULL) { memset(parts[i]->value, '*', strlen(parts[i]->value)); } } diff --git a/apache2/msc_multipart.h b/apache2/msc_multipart.h index 9cda6145..08cd7f65 100644 --- a/apache2/msc_multipart.h +++ b/apache2/msc_multipart.h @@ -133,6 +133,6 @@ apr_status_t DSOLOCAL multipart_cleanup(modsec_rec *msr); int DSOLOCAL multipart_get_arguments(modsec_rec *msr, char *origin, apr_table_t *arguments); -char DSOLOCAL *multipart_reconstruct_urlencoded_body_sanitise(modsec_rec *msr); +char DSOLOCAL *multipart_reconstruct_urlencoded_body_sanitize(modsec_rec *msr); #endif 
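Review bot: multipart_reconstruct_urlencoded_body_sanitize keeps an empty `/** * */` doc comment (msc_multipart.c, hunk at -1279), although it has a side effect a caller would not guess from the signature. Per the hunk at -1317, once `msr->phase >= PHASE_LOGGING` it overwrites `parts[i]->value` in place with `*` for every part whose name is in `msr->arguments_to_sanitize`. I'd fill the comment in to say that the function returns the rebuilt urlencoded body (the caller in msc_logging.c treats NULL as failure), that masking happens only from the logging phase on, and that the stored part values are destroyed by it, so nothing that still needs the original values may run afterwards. Most of the body is outside both hunks, so the return contract should be checked against the full source.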
diff --git a/apache2/re_actions.c b/apache2/re_actions.c index e1909953..6e7cac89 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -973,8 +973,8 @@ static char *msre_action_xmlns_validate(msre_engine *engine, msre_action *action return NULL; } -/* sanitiseArg */ -static apr_status_t msre_action_sanitiseArg_execute(modsec_rec *msr, apr_pool_t *mptmp, +/* sanitizeArg */ +static apr_status_t msre_action_sanitizeArg_execute(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action) { const char *sargname = NULL; @@ -990,7 +990,7 @@ static apr_status_t msre_action_sanitiseArg_execute(modsec_rec *msr, apr_pool_t msc_arg *arg = (msc_arg *)telts[i].val; if (strcasecmp(sargname, arg->name) == 0) { - apr_table_addn(msr->arguments_to_sanitise, arg->name, (void *)arg); + apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg); } } @@ -1001,8 +1001,8 @@ static apr_status_t msre_action_sanitiseArg_execute(modsec_rec *msr, apr_pool_t #define SANITISE_REQUEST_HEADER 2 #define SANITISE_RESPONSE_HEADER 3 -/* sanitiseMatched */ -static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_pool_t *mptmp, +/* sanitizeMatched */ +static apr_status_t msre_action_sanitizeMatched_execute(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action) { const char *sargname = NULL; @@ -1041,7 +1041,7 @@ static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_poo type = SANITISE_RESPONSE_HEADER; } else { - msr_log(msr, 3, "sanitiseMatched: Don't know how to handle variable: %s", + msr_log(msr, 3, "sanitizeMatched: Don't know how to handle variable: %s", mvar->name); return 0; } 
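Review bot: When sanitizeMatched meets a variable it cannot map (the `else` branch in the hunk at -1041) it returns 0 after a level-3 message, so the matched value is presumably written to the audit log unmasked and only operators running the debug log at level 3 or higher will see why. The comparable failure in sanitize_request_line is logged at level 1. Consider using the same level here, `msr_log(msr, 1, "sanitizeMatched: Don't know how to handle variable: %s", mvar->name);`, or documenting the supported variable types next to the action. The message now always says `sanitizeMatched` even when the rule used the legacy `sanitiseMatched` spelling, and the `SANITISE_REQUEST_HEADER` / `SANITISE_RESPONSE_HEADER` macros in the hunk at -1001 were left with the old spelling. The function starts and ends outside these hunks.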
@@ -1053,17 +1053,17 @@ static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_poo for (i = 0; i < tarr->nelts; i++) { msc_arg *arg = (msc_arg *)telts[i].val; if (strcasecmp(sargname, arg->name) == 0) { - apr_table_addn(msr->arguments_to_sanitise, arg->name, (void *)arg); + apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg); } } break; case SANITISE_REQUEST_HEADER : - apr_table_set(msr->request_headers_to_sanitise, sargname, "1"); + apr_table_set(msr->request_headers_to_sanitize, sargname, "1"); break; case SANITISE_RESPONSE_HEADER : - apr_table_set(msr->response_headers_to_sanitise, sargname, "1"); + apr_table_set(msr->response_headers_to_sanitize, sargname, "1"); break; default : @@ -1074,19 +1074,19 @@ static apr_status_t msre_action_sanitiseMatched_execute(modsec_rec *msr, apr_poo return 1; } -/* sanitiseRequestHeader */ -static apr_status_t msre_action_sanitiseRequestHeader_execute(modsec_rec *msr, apr_pool_t *mptmp, +/* sanitizeRequestHeader */ +static apr_status_t msre_action_sanitizeRequestHeader_execute(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action) { - apr_table_set(msr->request_headers_to_sanitise, action->param, "1"); + apr_table_set(msr->request_headers_to_sanitize, action->param, "1"); return 1; } -/* sanitiseResponseHeader */ -static apr_status_t msre_action_sanitiseResponseHeader_execute(modsec_rec *msr, apr_pool_t *mptmp, +/* sanitizeResponseHeader */ +static apr_status_t msre_action_sanitizeResponseHeader_execute(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action) { - apr_table_set(msr->response_headers_to_sanitise, action->param, "1"); + apr_table_set(msr->response_headers_to_sanitize, action->param, "1"); return 1; } 
@@ -2195,7 +2195,20 @@ void msre_engine_register_default_actions(msre_engine *engine) { ACTION_CGROUP_NONE, NULL, NULL, - msre_action_sanitiseArg_execute + msre_action_sanitizeArg_execute + ); + + /* sanitizeArg */ + msre_engine_action_register(engine, + "sanitizeArg", + ACTION_NON_DISRUPTIVE, + 1, 1, + NO_PLUS_MINUS, + ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, + NULL, + NULL, + msre_action_sanitizeArg_execute ); /* sanitiseMatched */ @@ -2208,7 +2221,20 @@ void msre_engine_register_default_actions(msre_engine *engine) { ACTION_CGROUP_NONE, NULL, NULL, - msre_action_sanitiseMatched_execute + msre_action_sanitizeMatched_execute + ); + + /* sanitizeMatched */ + msre_engine_action_register(engine, + "sanitizeMatched", + ACTION_NON_DISRUPTIVE, + 0, 0, + NO_PLUS_MINUS, + ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, + NULL, + NULL, + msre_action_sanitizeMatched_execute ); /* sanitiseRequestHeader */ @@ -2221,7 +2247,20 @@ void msre_engine_register_default_actions(msre_engine *engine) { ACTION_CGROUP_NONE, NULL, NULL, - msre_action_sanitiseRequestHeader_execute + msre_action_sanitizeRequestHeader_execute + ); + + /* sanitizeRequestHeader */ + msre_engine_action_register(engine, + "sanitizeRequestHeader", + ACTION_NON_DISRUPTIVE, + 1, 1, + NO_PLUS_MINUS, + ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, + NULL, + NULL, + msre_action_sanitizeRequestHeader_execute ); /* sanitiseResponseHeader */ @@ -2234,7 +2273,20 @@ void msre_engine_register_default_actions(msre_engine *engine) { ACTION_CGROUP_NONE, NULL, NULL, - msre_action_sanitiseResponseHeader_execute + msre_action_sanitizeResponseHeader_execute + ); + + /* sanitizeResponseHeader */ + msre_engine_action_register(engine, + "sanitizeResponseHeader", + ACTION_NON_DISRUPTIVE, + 1, 1, + NO_PLUS_MINUS, + ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, + NULL, + NULL, + msre_action_sanitizeResponseHeader_execute ); /* setenv */ 
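Review bot: Each legacy registration is now followed by a copy that differs only in the action name, and nothing marks the `sanitise*` entries as compatibility aliases. The next change to argument limits or cardinality has to be made twice, or the two spellings will behave differently for the same rule. I'd change the old comments to something like `/* sanitiseMatched: legacy spelling of sanitizeMatched, kept for backward compatibility */` so a reader knows which entry of each pair is canonical. If more aliases are expected, a small static helper that registers both names from one argument list would remove the duplication. The name strings of the old registrations are outside the hunks, so I am assuming they are unchanged.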
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index 6d2d9293..11fe29d8 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -5126,7 +5126,7 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403
- <literal>sanitiseArg</literal> + <literal>sanitizeArg</literal> Description: Sanitises (replaces each byte with an asterisk) a named request argument prior to audit @@ -5136,7 +5136,7 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403 Example: - SecAction nolog,phase:2,sanitiseArg:password + SecAction nolog,phase:2,sanitizeArg:password Note @@ -5148,7 +5148,7 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403
- <literal>sanitiseMatched</literal> + <literal>sanitizeMatched</literal> Description: Sanitises the variable (request argument, request header, or response header) that caused a rule @@ -5156,52 +5156,52 @@ SecRule REQUEST_HEADERS:User-Agent "Test" log,deny,status:403 Action Group: Non-disruptive - Example: This action can be used to sanitise arbitrary transaction + Example: This action can be used to sanitize arbitrary transaction elements when they match a condition. For example, the example below - will sanitise any argument that contains the word + will sanitize any argument that contains the word password in the name. - SecRule ARGS_NAMES password nolog,pass,sanitiseMatched + SecRule ARGS_NAMES password nolog,pass,sanitizeMatched Note - Same note as sanitiseArg. + Same note as sanitizeArg.
- <literal>sanitiseRequestHeader</literal> + <literal>sanitizeRequestHeader</literal> Description: Sanitises a named request header. Action Group: Non-disruptive - Example: This will sanitise the data in the Authorization + Example: This will sanitize the data in the Authorization header. - SecAction log,phase:1,sanitiseRequestHeader:Authorization + SecAction log,phase:1,sanitizeRequestHeader:Authorization Note - Same note as sanitiseArg. + Same note as sanitizeArg.
- <literal>sanitiseResponseHeader</literal> + <literal>sanitizeResponseHeader</literal> Description: Sanitises a named response header. Action Group: Non-disruptive - Example: This will sanitise the Set-Cookie data sent to the + Example: This will sanitize the Set-Cookie data sent to the client. - SecAction log,phase:3,sanitiseResponseHeader:Set-Cookie + SecAction log,phase:3,sanitizeResponseHeader:Set-Cookie Note - Same note as sanitiseArg. + Same note as sanitizeArg.
@@ -5958,7 +5958,7 @@ SecRule XML "@validateSchema /path/to/apache2/conf/xml.xsd" Example: SecRule ARGS "@verifyCC \d{13,16}" \ - "phase:2,sanitiseMatched,log,auditlog,pass,msg:'Potential credit card number'" + "phase:2,sanitizeMatched,log,auditlog,pass,msg:'Potential credit card number'"
diff --git a/doc/modsecurity2-data-formats.xml b/doc/modsecurity2-data-formats.xml index de20c630..464caced 100644 --- a/doc/modsecurity2-data-formats.xml +++ b/doc/modsecurity2-data-formats.xml @@ -347,7 +347,7 @@ ModSecurity alerts will always contain text fragments that were taken from configuration or the transaction. Such text fragments escaped - before they are user in messages, in order to sanitise the potentially + before they are user in messages, in order to sanitize the potentially dangerous characters. They are also sometimes surrounded using double quotes. The escaping algorithm is as follows: @@ -856,7 +856,7 @@ Server: Apache/2.x.x Sanitised-Args The Sanitised-Args header contains a list - of arguments that were sanitised (each byte of their content + of arguments that were sanitized (each byte of their content replaced with an asterisk) before logging. For example: Sanitised-Args: "old_password", "new_password", "new_password_repeat". @@ -866,7 +866,7 @@ Server: Apache/2.x.x Sanitised-Request-Headers The Sanitised-Request-Headers header - contains a list of request headers that were sanitised before + contains a list of request headers that were sanitized before logging. For example: Sanitised-Request-Headers: "Authentication". @@ -876,7 +876,7 @@ Server: Apache/2.x.x Sanitised-Response-Headers The Sanitised-Response-Headers header - contains a list of response headers that were sanitised before + contains a list of response headers that were sanitized before logging. For example: Sanitised-Response-Headers: "My-Custom-Header".