Re: more problems cant turn inheritence off

On 11/18/06, Dan Rossi <spam@xxxxxxxxxxxxxxxx> wrote:
>

Hi Dan,

I would appreciate if you could only send one email per problem.
Please consider that we have many subscribers that typically already
have to deal with a large volume of email. Thanks.

I am assuming you are using ModSecurity 1.9.x:

1) "SecFilterInheritance Off" does not work because it's not a rule
that is causing your problem - it's a configuration directive. To
override configuration directives you simply configure another value.

2) It's also probably why you can't log and pass. Configuration
directives are processed before rules are and, if any problems are
found, requests are rejected. SecFilterDefaultAction only affect
rules. Personally I never liked this and that's why there are no
built-in checks in ModSecurity 2.x.

3) As for this message: "mod_security-message: Access denied with code
403. Invalid parameters: Error normalising parameter value: Invalid
character detected [0] [severity "EMERGENCY"]" it is a result of your
restriction on the allowed byte range, configured with
SecFilterForceByteRange. You have this command somewhere in your
configuration. To remove this restriction change it to
"SecFilterForceByteRange 0 255".

However, it is very unlikely there is a valid use for the null byte
character in the parameters. I have seen it legitimely used only once.
So you may want to look closer at that particular request.

-- 
Ivan Ristic

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV