Re: [mod-security-users] inspect content-encoding gzip
Brought to you by:
victorhora,
zimmerletw
From: Otto S. <hx...@ya...> - 2012-02-15 12:19:40
|
so i solved this by this: SecDisableBackendCompression On SecResponseBodyAccess off SecRule REQUEST_URI "xxx" "phase:1"...... ctl:responseBodyAccess=on" SecRule RESPONSE_BODY "search-string" "deny" best regards, ________________________________ Von: Otto Schlagmichtot <hx...@ya...> An: Josh Amishav-Zlatin <ja...@gm...> Cc: "mod...@li..." <mod...@li...> Gesendet: 13:01 Mittwoch, 15.Februar 2012 Betreff: Re: [mod-security-users] inspect content-encoding gzip Hi Josh, Thank you for this update !! Is this possible to set this just for a special url? Because in the refrence the ctl is not defined for this. I need this just for one url and not for all. Best regards, ________________________________ Von: Josh Amishav-Zlatin <ja...@gm...> An: Otto Schlagmichtot <hx...@ya...> Cc: "mod...@li..." <mod...@li...> Gesendet: 12:48 Mittwoch, 15.Februar 2012 Betreff: Re: [mod-security-users] inspect content-encoding gzip On Wed, Feb 15, 2012 at 1:29 PM, Otto Schlagmichtot <hx...@ya...> wrote: > hi, > > i want to block the default login-page of the sap Netweaver but the response > content has the content-Encoding gzip. > > I know in former time modsecurity doesn't support this. is this now > possible? Hi Otto, If ModSec is running as a reverse proxy, take a look at SecDisableBackendCompression (http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDisableBackendCompression) -- - Josh > > I thought i could resolve this by using the following commands: > > SecContentInjection On > SecResponseBodyAccess off > SecStreamOutBodyInspection On > > SecRule RESPONSE_BODY "SAP NetWeaver "phase:4,deny,t:none,log" > > > Best regards > > ------------------------------------------------------------------------------ > Virtualization & Cloud Management Using Capacity Planning > Cloud computing makes use of virtualization - but cloud computing > also focuses on allowing computing to be delivered as a service. > http://www.accelacomm.com/jaw/sfnl/114/51521223/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |