Showing results for 
Search instead for 
Did you mean: 
Level 7

Log HTML filtering (as opposed to URL filtering)

I've been using an awesome access denied log that I discovered on this site (which I'd link to but can't re-find for the life of me).

Unfortunately, this only seems to log specific requests/responses and doesn't show any information for when a web page is accessed but modified (for example javascript removed). I've tried to create a rule to log these types of events with no success, any suggestions?

0 Kudos
2 Replies
Level 15

Re: Log HTML filtering (as opposed to URL filtering)

The Body.Modified property might work for you.

In my version, I put it after the Antimalware rule and it triggers when a script was stripped out. I have mine logging to a separate modified.log file.

However, I can't find any reason property that describes what or why it was modified.

Rule Criteria:
Body.Modified equals true


Set User-Defined.logLine = DateTime.ToWebReporterString
+ " ""
+ String.ReplaceIfEquals (IP.ToString (Client.IP), "", "-")
+ "" ""
+ "" "
+ List.OfString.ToString (Antimalware.VirusNames<Gateway Anti-Malware: Standard Setting>)

FileSystemLogging.WriteLogEntry (User-Defined.logLine)<modified.log>

0 Kudos
Level 7

Re: Log HTML filtering (as opposed to URL filtering)

Thanks eelsasser,

I've created a similar rule but as you say there's no indication of what was modified or why.  I've been getting really inconsistent behaviour from the MWG7 in my testing compared to v6...  Without the logging I can't work out what's going on and have been holding off upgrading to v7.

0 Kudos