At the end of the rules (or in an included rule file with the highest
number), put this line to reverse the effect of the rule in question:
SecRuleRemoveById xxxxxxx
where xxxxxxx is the rule ID you can see from the debug output.
----- Original Message -----
From: "Grant Peel" <[EMAIL PROTECTED]>
To: <users@httpd.apache.org>
Sent: Friday, October 19, 2007 9:48 AM
Subject: [EMAIL PROTECTED] mod_security
Hi all,
I installed mod_security yesterday on one server and am in the process of
debugging.
Along with mod_security itself, I have installed a number of rules, most of
which are not causing any issues. The two below are causing some problems
though:
Number one seems to do its job too well as it breaks any URL pages that use
../../ etc. Our clients use those in a number of places, most of which are
image loading, i.e. <img = "../../images/myimage.gif">
Any ideas on how I can re-enable it and not break relative links like the
one above?
# 1. Prevent path traversal (..) attacks
# SecFilter "../"
The second one breaks the ability to read an email in Openwebmail (v2.51).
Any ideas on this?
# 2. Prevent XSS attacks (HTML/Javascript injection)
# SecFilter "<(.|n)+>"
TIA,
-Grant
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]