[mailed and posted]
On Jun 26, 2007, at 10:10 AM, Gio MBG Canepa root wrote:
Hi Mark!
---| Here the apache error Log: |---
[Tue Jun 26 17:03:00 2007] [error] [client 127.0.0.1] ModSecurity:
Access
denied with code 500 (phase 1). Pattern match "\\\\.(?:c(?:o(?:nf
(?:ig)?|m)|
s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|
sdisco)|
a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d
[acq]|n[ci])|
ba(?:[kt]|ckup)|res(?:ources|x)|l(?:icx|nk|og)|\\\\w{,5}~|webinfo|ht
[rw]|
xs ..." at REQUEST_BASENAME. [id "960035"] [msg "URL file extension is
restricted by policy"] [severity "CRITICAL"] [hostname "home.
9records.com"]
[uri "/mailman/options/mailman/alexkenji--at--alexkenji.com"]
That answers the question. Your apache add-on of mod_security is not
allowing access to any URI ending with ".com".
You may wish to disable mod_security for the mailman directory. I
don't know how to do that, having never used mod_security (which
isn't part of the normal apache distribution).
Looking at the documentation at
http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/
html-multipage/03-configuration-directives.html
it looks like setting
SecRuleEngine off
within the appropriate <Location> or <VirtualHost> of your apache
configuration should solve the problem.
But keep in mind that this is the first time I've ever looked at
mod_security, so don't put a great deal of trust in my suggestion.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
