On 11/18/06, Dan Rossi <spam@xxxxxxxxxxxxxxxx> wrote:
Hi Dan,
I would appreciate if you could only send one email per problem.
Please consider that we have many subscribers that typically already
have to deal with a large volume of email. Thanks.
I am assuming you are using ModSecurity 1.9.x:
1) "SecFilterInheritance Off" does not work because it's not a rule
that is causing your problem - it's a configuration directive. To
override configuration directives you simply configure another value.
2) It's also probably why you can't log and pass. Configuration
directives are processed before rules are and, if any problems are
found, requests are rejected. SecFilterDefaultAction only affect
rules. Personally I never liked this and that's why there are no
built-in checks in ModSecurity 2.x.
3) As for this message: "mod_security-message: Access denied with code
403. Invalid parameters: Error normalising parameter value: Invalid
character detected [0] [severity "EMERGENCY"]" it is a result of your
restriction on the allowed byte range, configured with
SecFilterForceByteRange. You have this command somewhere in your
configuration. To remove this restriction change it to
"SecFilterForceByteRange 0 255".
However, it is very unlikely there is a valid use for the null byte
character in the parameters. I have seen it legitimely used only once.
So you may want to look closer at that particular request.
Ok another issue ive experienced now, is when we are blocking requests
with no user agent, some things dont send user agents like php includes
to other scripts, curl etc. How do we go about this.
Ive also discovered rules like therule log,pass , doesnt end up using
this action it ends up using the default action, will mod sec 2
definately be able to override some of the filters via virtualhost
configs and allow the rest to passthrough ?
Im also liking to send an email to myself when a rule is triggered, how
is it possible to send the message to a perlscript in the configs ?
|
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV_______________________________________________
mod-security-users mailing list
mod-security-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/mod-security-users
