2 Replies Latest reply on Sep 28, 2011 8:15 PM by jfitzell

    Log HTML filtering (as opposed to URL filtering)

      I've been using an awesome access denied log that I discovered on this site (which I'd link to but can't re-find for the life of me).

       

      Unfortunately, this only seems to log specific requests/responses and doesn't show any information for when a web page is accessed but modified (for example javascript removed). I've tried to create a rule to log these types of events with no success, any suggestions?

        • 1. Re: Log HTML filtering (as opposed to URL filtering)

          The Body.Modified property might work for you.

          In my 7.1.5.1 version, I put it after the Antimalware rule and it triggers when a script was stripped out. I have mine logging to a separate modified.log file.

           

          However, I can't find any reason property that describes what or why it was modified.

           

          Rule Criteria:
          Body.Modified equals true

           

          Action:
          Continue

           

          Events:
          Set User-Defined.logLine = DateTime.ToWebReporterString
          + " ""
          + String.ReplaceIfEquals (IP.ToString (Client.IP), "", "-")
          + "" ""
          + URL
          + "" "
          + List.OfString.ToString (Antimalware.VirusNames<Gateway Anti-Malware: Standard Setting>)

          FileSystemLogging.WriteLogEntry (User-Defined.logLine)<modified.log>

          1 of 1 people found this helpful
          • 2. Re: Log HTML filtering (as opposed to URL filtering)

            Thanks eelsasser,

             

            I've created a similar rule but as you say there's no indication of what was modified or why.  I've been getting really inconsistent behaviour from the MWG7 in my testing compared to v6...  Without the logging I can't work out what's going on and have been holding off upgrading to v7.