Hi all,

I installed mod_security yesterday on one server and am in the process of
debugging.

Along with mod_security itself, I have installed a number of rules, most of
which are not causing any issues. The two below are causing some problems
though:

Number one seems to do its job too well as it breaks any URL pages that use
../../ etc. Our clients use those in a number of places, most of which are
image loading i.e. <img = "../../images/myimage.gif">

Any ideas on how I can re-enable it and not break relative links like the
one above?

   # 1. Prevent path traversal (..) attacks
#    SecFilter "../"


The second one breaks the ability to read an email in Openwebmail (v2.51).
Any ideas on this?

   # 2. Prevent XSS attacks (HTML/Javascript injection)
#    SecFilter "<(.|\n)+>"

TIA,

-Grant


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
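
An added example, not part of the original post: a Python model of the two quoted rules run over constructed request data, to show which kinds of input trip them. It assumes rule 1 behaves as a literal `../` match, rule 2 as the regex `<(.|\n)+>`, and that the filter sees the request line and submitted form data; the host, paths, parameter names and sample strings are made up.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed model of the two rules quoted in the post (assumptions):
# rule 1 as a literal "../" match, rule 2 as the regex <(.|\n)+>.
TRAVERSAL = re.compile(re.escape("../"))
XSS = re.compile(r"<(.|\n)+>")


def request_path(page_url, link):
    """Path a browser requests after resolving a relative link on page_url."""
    return urlsplit(urljoin(page_url, link)).path


def triggered(text):
    """Names of the modelled rules that match the scanned text."""
    rules = (("traversal", TRAVERSAL), ("xss", XSS))
    return [name for name, rx in rules if rx.search(text)]


# Constructed sample inputs, not taken from any real log.
PAGE = "http://www.example.com/clients/acme/index.html"
SAMPLES = {
    # The browser collapses ../../ before sending, so the path is clean.
    "resolved image link":
        "GET " + request_path(PAGE, "../../images/myimage.gif") + " HTTP/1.1",
    # The same string carried as data reaches the server unchanged.
    "link kept in a parameter":
        "GET /show.php?img=../../images/myimage.gif HTTP/1.1",
    # Any markup in submitted data matches rule 2, across line breaks too.
    "form field containing HTML":
        "body=<p>Hello,\nsee <b>attached</b></p>",
    # A lone '<' followed later by '>' is enough; no tag is needed.
    "plain text with comparisons":
        "body=if a < b then\nprint c > d",
    "plain form field":
        "subject=Meeting on Friday",
}


def report():
    """Map each sample label to the list of rules it triggers."""
    return {label: triggered(text) for label, text in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in report().items():
        print(f"{label:30} -> {rules or 'no match'}")
```

Running the same check over the requests recorded in the mod_security audit log shows which field of a blocked request carried the match.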