Closed
Description
Reported by: Bruno Savioli de Almeida.
http://sourceforge.net/p/mod-security/mailman/message/32281341/
ModSecurity version 2.8.0
Rule:
SecAction "phase:5,id:'6660666',t:none,pass,nolog,sanitiseArg:cardNumber,sanitiseArg:cardToken"
Audit log:
[29/Apr/2014:12:19:54 +0100] U1@K2goFLh4AAHIFMqAAAAAS 10.5.12.18 43609 10.5.46.31 443
--72235b1e-B--
POST /psp/save HTTP/1.1
User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Host: payments
Content-Type: application/json;charset=UTF-8
Accept: application/json
Content-Length: 114
--72235b1e-C--
{"cardToken":"aaaaaaaaaaaaaaaaaaaaaaaaaa1111111111111111111111aaaaaaaaaaaaaaaaaa","cardNumber":"1000000000000001"}
--72235b1e-F--
HTTP/1.1 400 Bad Request
Content-Type: application/json
Via: 1.1 payments
Content-Length: 78
Connection: close
--72235b1e-E--
{"message":"Please check your input and try again.","error":"Invalid Details"}
--72235b1e-H--
Apache-Handler: proxy-server
Stopwatch: 1398770394130647 22955 (- - -)
Stopwatch2: 1398770394130647 22955; combined=2733, p1=266, p2=2062, p3=9, p4=355, p5=40, sr=86, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
Server: Apache
Sanitised-Args: "cardNumber", "cardToken".
Engine-Mode: "DETECTION_ONLY"
A similar request using application/x-www-form-urlencoded works as expected.
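As an added check that is not part of this ticket or of the ModSecurity code base: a small Python script that parses a native-format audit log entry and reports every argument named on the Sanitised-Args line whose logged request-body value is not actually masked. It assumes that sanitised values are replaced with asterisks, and it runs on constructed entries shaped like the one above (JSON body left in clear text) and like the form-urlencoded case the report says works.

```python
import json
import re
from urllib.parse import parse_qs

# Native audit log part markers look like "--72235b1e-B--"; the letter names the part.
PART_RE = re.compile(r"^--([0-9a-f]+)-([A-Z])--$", re.M)

def split_parts(entry):
    """Map each part letter (B, C, H, ...) to its text for one audit log entry."""
    parts, marks = {}, list(PART_RE.finditer(entry))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(entry)
        parts[m.group(2)] = entry[m.end():end].strip()
    return parts

def sanitised_names(part_h):
    """Argument names listed on the Sanitised-Args line of part H."""
    m = re.search(r"^Sanitised-Args:\s*(.*)$", part_h, re.M)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []

def body_args(part_b, part_c):
    """Decode the request body (part C) as JSON or form-urlencoded, per part B's Content-Type."""
    if re.search(r"^Content-Type:\s*application/json", part_b, re.M | re.I):
        return {k: str(v) for k, v in json.loads(part_c).items()}
    return {k: v[0] for k, v in parse_qs(part_c).items()}

def unsanitised_args(entry):
    """Names in Sanitised-Args whose logged value is not fully masked with '*' (assumed mask char)."""
    parts = split_parts(entry)
    args = body_args(parts.get("B", ""), parts.get("C", ""))
    return [n for n in sanitised_names(parts.get("H", ""))
            if args.get(n) is not None and args[n].strip("*") != ""]

# Constructed sample shaped like the entry above: JSON body, args listed as sanitised but still in clear text.
JSON_ENTRY = """--72235b1e-B--
Content-Type: application/json;charset=UTF-8
--72235b1e-C--
{"cardToken":"aaaa1111aaaa","cardNumber":"1000000000000001"}
--72235b1e-H--
Sanitised-Args: "cardNumber", "cardToken".
"""

# Constructed form-urlencoded sample where masking took effect, as the report says it does.
FORM_ENTRY = """--72235b1e-B--
Content-Type: application/x-www-form-urlencoded
--72235b1e-C--
cardToken=************&cardNumber=****************
--72235b1e-H--
Sanitised-Args: "cardNumber", "cardToken".
"""
```

Running `unsanitised_args` over a whole audit log (one entry at a time) flags entries where cardholder data reached the log despite the sanitiseArg rule.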