Try enabling SecContentInjection On. Ryan
On Nov 30, 2011, at 8:16 PM, "dreamice" <[email protected]<mailto:[email protected]>> wrote: Thanks for your reply! I use the latest version(httpd-2.2.21 and mod-2.6.2),and I write the rule as follow: SecStreamOutBodyInspection On SecRule STREAM_OUTPUT_BODY "@rsub s/1111/xxxx/" "phase:4,t:none,log,auditlog,pass" my default page is: <html><body><h1>It works!</h1></body></html> 1111 After I restart the httpd, I request the index.html page, the "1111" has not been replaced. I global set SecRuleEngine On, what is the problem with my operation? Thanks in advance! 2011/11/24 Josh Amishav-Zlatin <[email protected]<mailto:[email protected]>> On Thu, Nov 24, 2011 at 1:51 PM, dreamice <[email protected]<mailto:[email protected]>> wrote: > Hi, > I want to replace the response key words. Such as if the response data > include "Fuck", I want to write a rule to replace it with "****", how can I > do it? If your using 2.6.0 or later then use the @rsub operator. -- - Josh _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected]<mailto:[email protected]> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
