Re: mod-security-users Digest, Vol 6, Issue 22: msg#00103apache.mod-security.user
Hi, I was assuming this works as it is documented:

<Location /signup>
SecFilterInheritance Off
#SecFilterScanPOST On
</Location>

Are you saying for a particular location we have to set a completely different set of rules to overwrite the default ones? I'm considering using the set of configs from the got root website; there are like 4 or 5 configs full of rules. This would be a nightmare. I'd like to somehow just overwrite "some" default rules and tweak them for some locations and scripts. I.e. a few files within this location are tripping the urlencoding filter because they have particularly badly formed query strings out of our control.

I can't manage to install mod sec 2 at all. Any ideas how to compile this into apache2? There was also mentioning of particular compile flags all over the place, still no specific compile example for max performance.

> Hi Dan,
>
> I would appreciate if you could only send one email per problem.
> Please consider that we have many subscribers that typically already
> have to deal with a large volume of email. Thanks.
>
> I am assuming you are using ModSecurity 1.9.x:
>
> 1) "SecFilterInheritance Off" does not work because it's not a rule
> that is causing your problem - it's a configuration directive. To
> override configuration directives you simply configure another value.
>
> 2) It's also probably why you can't log and pass. Configuration
> directives are processed before rules are and, if any problems are
> found, requests are rejected. SecFilterDefaultAction only affects
> rules. Personally I never liked this and that's why there are no
> built-in checks in ModSecurity 2.x.
>
> 3) As for this message: "mod_security-message: Access denied with code
> 403. Invalid parameters: Error normalising parameter value: Invalid
> character detected [0] [severity "EMERGENCY"]" it is a result of your
> restriction on the allowed byte range, configured with
> SecFilterForceByteRange. You have this command somewhere in your
> configuration. To remove this restriction change it to
> "SecFilterForceByteRange 0 255".
>
> However, it is very unlikely there is a valid use for the null byte
> character in the parameters. I have seen it legitimately used only once.
> So you may want to look closer at that particular request.
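Added example, not part of either message above: a ModSecurity 1.9.x fragment illustrating point 1 of the quoted reply, where a built-in check is relaxed for one location by configuring a different value there rather than by switching inheritance off. The server-wide values are constructed, and treating SecFilterCheckURLEncoding as the directive behind the "urlencoding filter" is an assumption.

```apache
# Server-wide settings (constructed values, assumed for illustration).
SecFilterEngine On
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 1 255
SecFilterDefaultAction "deny,log,status:403"

# Variant A (has no effect on the built-in checks):
# SecFilterInheritance Off only stops rules from being inherited.
# The URL-encoding and byte-range checks are configuration directives,
# so requests to /signup are still validated and rejected by them.
#
# <Location /signup>
#     SecFilterInheritance Off
# </Location>

# Variant B (per the reply): set another value for the directive itself,
# scoped to the one location whose query strings cannot be fixed.
<Location /signup>
    # Assumption: this is the check being tripped by the malformed
    # query strings described in the message.
    SecFilterCheckURLEncoding Off
    # SecFilterForceByteRange is deliberately left at the server-wide
    # value, so null bytes in parameters are still rejected here.
</Location>
```

Inherited rules stay active under /signup in variant B, so only the one relaxed check changes for that location.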