|
|
|
Choosing A Webhost: |
Mod Security To control File Uploads to a Database: msg#00048apache.mod-security.user
Can somebody shed some light on this? I have had similar problems previously which I never really resolved. It is a pretty common scenario and I am sure someone on the list has dealt with this issue. Thanks --- Johnny GoLightly <mywebquestion@xxxxxxxxxxxx> wrote: > > > Note: forwarded message attached. > > --------------------------------- > On Yahoo!7 > Answers: 25 million answers and counting. Learn > something new today> Date: Thu, 14 Sep 2006 18:02:37 +1000 (EST) > From: Johnny GoLightly <mywebquestion@xxxxxxxxxxxx> > Subject: Mod Security To control File Uploads to a > Database > To: mod-security-users@xxxxxxxxxxxxxxxxxxxxx > > Hi > > We have the following scenario and would > appreciate some help. > > We have a web application which accepts documents > up to 5MB in size and stores them in a backend DB. > The site is functioning but problem is that an > error message is not displayed when a file larger > than 5MB is uploaded. The web server just doesnt > process it. > > We are not currently using mod sec to scan posts. > > We currently have the native apache directive: > LimitRequestBody 5242880 > (set to 5MB) > > This directive, according to Apache docs, is > supposed to issue an error message when limit is > exceeded. But it doesnt. > > We would like to use mod sec to perform this scan > function. > > Other than: > SecFilterDefaultAction "deny,log,status:509" > SecFilterScanPOST On > > Where 509 is a custom message saying to user > "Upload limit exceeded" > > What additional mod sec directives are required to > enforce the limit? > Does it make a difference that the files are not > loaded to disk but to db? > > Thanks > > > > > --------------------------------- > On Yahoo!7 > Messenger: Make free PC-to-PC calls to your > friends overseas. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: SecUploadApproveScript problems, ariel |
|---|---|
| Next by Date: | Feedback on changing default HTTP 500 Response, Steve West |
| Previous by Thread: | Re: Mod Security To control File Uploads to a Database, Johnny GoLightly |
| Next by Thread: | Lackings in mod security, abakash |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
