: Filtering content from response body HTML (mod_security or other WAFs) We have Apache on Linux with mod_security as the Web App Firewall (WAF) layer. To prevent content injections, we have some
We have Apache on Linux with mod_security as the Web App Firewall (WAF) layer. To prevent content injections, we have some rules that basically disable a page containing some text patterns from showing up at all.
For example, if an HTML page on webserver has slur words (because some webmaster may have copied/pasted text without proofreading) the Apache server throws a 406 error.
Our requirement now is a little different: we would like to show the page as regular 200, but if such a pattern is matched, we want to strip out the offending content. Not block the entire page.
If we had a server side technology we could easily code for this, but sadly this is for a website with 1000s of static html pages.
Another solution might have been to do a cronjob of find/replace strings and run them on folders en-masse, maybe, but we don't have access to the file system in this case (different department).
We do have control over WAF or Apache rules if any. Any pointers or creative ideas?
More posts by @Angie530
2 Comments
Sorted by latest first Latest Oldest Best
Maybe you need the mod_ext_filter module.It can replace text in the response.
Here is the link:https://httpd.apache.org/docs/current/mod/mod_ext_filter.html
Hope it will be helpful.
Since you are on Linux, you surely have perl installed, and there is nothing more powerful than that to do what you want.
We can not tell you how to write the exact code to fix the problem, but you have the solution on the server, for sure. Just look for information on how to write code in perl as CGI.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.