On 24 May 2014, at 05:51, Rosali <[email protected]> wrote: >> [Sat May 24 02:02:51.025715 2014] >> [:error] [pid 14334] [client ***] >> ModSecurity: Access denied with code 400 (phase 1). >> Operator GT matched 512 at ARGS_GET:_uids >> such params should be POSt and not GET >> affects mailboxes with a lot of messages and seems to be >> a very new problem with RC 1.0.x > > I think (not 100% sure) UID is passed with the URL to make messages cacheable. > > Displaying messages -> Cache messages
That's not the point. The point it why is it a GET and not a POST, and thats a valid question. As a GET you end up with a huge parameter string, which can be mistaken for a hack attempt by things like mod_security. Of course, you could say, well dont run mod_security then, or teach it that this is valid. Which is also a good point. I guess it depends on how difficult it would be to change. Probably not too bad id guess. Cor _______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
